Design/Logic Flaw

2023-03-2415:15:00

PRIOn knowledge base

www.prio-n.com

design flaw

logic flaw

remote attackers

sensitive information

modified user id

insecure direct object reference

nvd

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.

CPENameOperatorVersion
faveo_servicedeskeq5.0.1

CPE	Name	Operator	Version
	faveo_servicedesk	eq	5.0.1

References

cupc4k3.lol/cve-2023-24625-idor-in-faveo-service-desk-37a63f53d896

medium.com/@cupc4k3/vulnerabilities-in-faveo-service-desk-37a63f53d896

www.faveohelpdesk.com/servicedesk/