Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints).
[
{
"cpes": [
"cpe:2.3:a:netwrix:usercube:6.0.215:*:*:*:*:*:*:*"
],
"vendor": "netwrix",
"product": "usercube",
"versions": [
{
"status": "affected",
"version": "6.0.215"
}
],
"defaultStatus": "unknown"
}
]