An issue exists in Personify360 e-Business 7.5.2 up to and including 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
personifycorp personify360 7.5.2 |
||
personifycorp personify360 7.6 |
||
personifycorp personify360 7.6.1 |