What the vulnerability does
Description
Missing Authorization vulnerability in Heureka Group Heureka heureka allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Heureka: from n/a through <= 1.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Heureka versions up to 1.1.0 lack proper authorization checks, allowing unauthenticated attackers to modify data via network requests. The vulnerability requires no user interaction and affects the integrity of the application. No confidentiality or availability impact is present. Organizations using affected versions should update immediately.
What an attacker can do
Modify application data without authentication or permission.
Potential impact on your site
Unauthorized users can alter data in your Heureka installation without logging in.
Conditions required to exploit
Network access to the Heureka instance; no authentication required.
Key dates
External resources