The HTTP API in ABBYY FlexiCapture prior to 12 Release 1 Update 7 allows an malicious user to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
abbyy flexicapture 12.0.1.475 |
||
abbyy flexicapture 12.0.1.428 |
||
abbyy flexicapture 12.0.1.367 |
||
abbyy flexicapture 12.0.1.292 |
||
abbyy flexicapture 12.0.1.267 |
||
abbyy flexicapture 12.0.1.282 |
||
abbyy flexicapture 12.0.1.263 |