What the vulnerability does
01Description
Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through <= 4.9.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through <= 4.9.4.
Explanation of Vulnerability in Simple Terms
Verge3D versions up to 4.9.4 lack proper authorization checks, allowing unauthenticated attackers to read sensitive information over the network. The vulnerability requires no user interaction and affects the confidentiality of data accessible through the application. Update to a version newer than 4.9.4 to remediate.
What an attacker can do
Read sensitive information without authentication.
Potential impact on your site
Unauthorized users can access confidential data stored or processed by Verge3D.
Conditions required to exploit
Network access to the Verge3D application; no authentication or user interaction required.
Key dates
External resources