CVE-2021-35060

2021-10-1108:24:26

mitre

www.cve.org

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.

References

gist.github.com/exviry/9527ce2ccdc0718d3ffd1e3ca62cf304

www.openwaygroup.com/way4-platform