What the vulnerability does
01Description
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
What the vulnerability does
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
Explanation of Vulnerability in Simple Terms
QuantumCloud ChatBot versions up to 7.9.7 lack proper authorization checks, allowing authenticated users to modify data and disrupt service availability. An attacker with low-level access can bypass permission controls to alter content or trigger denial-of-service conditions. Update to version 8.4.8 or later to remediate.
What an attacker can do
Modify data and cause service disruption without proper authorization.
Potential impact on your site
Authenticated users can alter content and crash the chatbot without admin approval.
Conditions required to exploit
Attacker must have a valid user account with low-level privileges.
Key dates
External resources
Related vulnerabilities