Lucene search
K

4 matches found

NVD
NVD
added 2025/12/10 12:16 p.m.5 views

CVE-2025-41358

Direct Object Reference Vulnerability IDOR in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...

8.3CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/10 11:16 a.m.28 views

CVE-2025-41358 Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A

Direct Object Reference Vulnerability IDOR in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...

8.3CVSS0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

i2A CronosWeb 安全漏洞

i2A CronosWeb is an integration and automation tool for SAP environments from the Spanish company i2A. A security vulnerability exists in i2A CronosWeb version 25.00.00.12 and prior versions, which stems from the manipulation of the documentCode parameter that could lead to accessing other user...

8.3CVSS6.5AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50322

Direct Object Reference Vulnerability IDOR in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...

8.3CVSS6.6AI score0.00294EPSS
Exploits0References2
Rows per page
Query Builder