Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9.
The CWE-538 class error occurs because the Logo j-Platform application stores sensitive data (such as credentials, tokens, configuration data) in files or directories accessible from outside without appropriate access controls. An attacker can exploit improperly configured access control security levels to read or modify this data without requiring authentication. The attack vector is network-based, requires no privileges or user interaction, making exploitation exceptionally easy.
An attacker can gain unauthorized access to sensitive information stored in the system, and potentially modify data or disrupt application functionality, resulting in complete breach of confidentiality, integrity, and availability.
Logo j-Platform should be updated to version 3.34.8.9 or later. Detailed information is available in the vendor's security notice at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0061 and https://www.usom.gov.tr/bildirim/tr-26-0061
Logo j-Platform versions 3.29.6.4 to 3.34.8.9 (not including 3.34.8.9) — a product of Logo Software Industry and Trade Inc.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H