Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1.
The vulnerability classified as CWE-732 results from improper permission configuration assigned to critical resources in the Apinizer management console. The ACL-based access control mechanism is not properly enforced, allowing a logged-in user with low privileges to perform operations reserved for higher roles. The attack can be conducted remotely over the network without requiring user interaction on the victim's side.
An attacker with basic credentials can gain unauthorized access to administrative functions and critical system resources, which may lead to complete takeover of the management console, disclosure of sensitive data, and violation of system integrity and availability.
Update Apinizer Management Console to version 2024.05.1 or newer. Detailed information is available in the vendor's references and USOM security bulletin (TR-24-1010).
PruvaSoft Informatics Apinizer Management Console in all versions before 2024.05.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H