Design/Logic Flaw

2022-09-0816:15:00

PRIOn knowledge base

www.prio-n.com

cynet 360

web portal

design flaw

logic flaw

get request

nvd

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

JSON

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.

CPENameOperatorVersion
cynet_360lt4.5.6

CPE	Name	Operator	Version
	cynet_360	lt	4.5.6

References

www.cynet.com/platform/

www.srlabs.de/bites/edr-security