CVE-2024-0580 Omission of key-controlled authorization in Qsige

Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3,...

QSIGE Security Vulnerabilities

QSIGE is an intelligent waiting management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from omitting key control authorization, allowing an attacker to extract sensitive information from the API...

PT-2023-27746 · Qsige · Qsige

Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The QSige login SSO lacks an access control mechanism to verify if a user has sufficient permissions to request a resource. To exploit this, a user must first log into the application...

PT-2023-27741 · Qsige · Qsige

Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The QSige login SSO lacks an access control mechanism to verify if a user has sufficient permissions to request a resource. To exploit this, a user must first log into the application...