What the vulnerability does
Description
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ARMember: from n/a through 3.4.10.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
ARMember contains an authorization bypass that allows authenticated users with low privileges to access sensitive information they should not see. The vulnerability stems from missing permission checks on certain endpoints. An attacker with a valid user account, and no elevated privileges, can read data belonging to other users or the site. Update to a version newer than 3.4.10.
What an attacker can do
Read sensitive data or information belonging to other users or the site.
Potential impact on your site
User data and site information may be exposed to any authenticated member, compromising privacy and confidentiality.
Conditions required to exploit
Attacker must have a valid user account with low privileges on the site.