36 matches found
CVE-2026-32865
Vulnerability summary: OPEXUS eComplaint/eCASE (pre-10.1.0.0) exposes the secret verification code in the HTTP response for ForcePasswordReset.aspx, enabling password reset by an attacker who knows a user’s email. Impact: attacker can reset password and security questions; existing security quest...
CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...
OPEXUS eComplaint and eCase multiple vulnerabilities
RISK EVALUATION OPEXUS eComplaint and eCase contain multiple vulnerabilities. In the worst case, an unauthenticated attacker could take over any account with a known username. 2. RECOMMENDED PRACTICES Update to OPEXUS eCase and eComplaint 10.1.0.0. 3. DESCRIPTION OPEXUS eComplaint and eCASE...
OPEXUS eComplaint 安全漏洞
OPEXUS eComplaint is a complaint and appeal management platform provided by the US company OPEXUS. Versions of OPEXUS eComplaint prior to 10.1.0.0 contained security vulnerabilities. These vulnerabilities allowed unauthenticated attackers to upload arbitrary files, potentially leading to storage...
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.1.0.0. These...
CVE-2026-22235
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...
CVE-2026-22235
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...
CVE-2026-22235 OPEXUS eComplaint IDOR
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...
CVE-2026-22235
CVE-2026-22235 affects OPEXUS eComplaint (and related eCasePortal) prior to version 9.0.45.0. The vulnerability arises from an information disclosure/IDOR flaw: an attacker can visit the DocumentOpen.aspx endpoint and iterate through predictable values of the chargeNumber parameter to download an...
CVE-2026-22235 OPEXUS eComplaint IDOR
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...
OPEXUS eComplaint 安全漏洞
OPEXUS eComplaint is a complaint and grievance management platform from OPEXUS USA. A security vulnerability exists in OPEXUS eComplaint versions prior to 9.0.45.0 that originates from an attacker being able to traverse the chargeNumber value, potentially resulting in a file download...
PT-2026-2177
Name of the Vulnerable Software and Affected Versions OPEXUS eComplaint versions prior to 9.0.45.0 Description The application allows an attacker to access the 'DocumentOpen.aspx' endpoint and potentially download any uploaded files. This is possible by iterating through predictable values of the...
OPEXUS eComplaint and eCasePortal IDOR
RISK EVALUATION OPEXUS eCasePortal and eComplaint before version 9.0.45.0 allow an unauthenticated attacker to iterate through predictable URL parameters and download all available files. The eCasePortal vulnerability allows attackers to upload and delete files as well. 2. RECOMMENDED PRACTICES...