What the vulnerability does
Description
Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through <= 6.0.31.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Explanation of Vulnerability in Simple Terms
SMM API versions 6.0.31 and earlier lack proper authorization checks, allowing authenticated users to modify data and disrupt service availability. An attacker with low-privilege access can bypass intended restrictions to alter records or cause the API to become unavailable. Update to a version newer than 6.0.31 to remediate.
What an attacker can do
Modify data and cause service disruption without proper authorization.
Potential impact on your site
Unauthorized data changes and potential service outages affecting API availability.
Conditions required to exploit
Attacker must have a valid low-privilege account on the system.