- Version: 1.0
- Data classification: External
- Creation date: 09/08/2023
- Review date: 01/09/2023
- Name & title of originator/author: Luka Kolb, Information Security Officer
- Target audience: primion employees, prime WebSystems owners
An Insecure Direct Object Reference (IDOR) vulnerability was discovered that allowed an authenticated user to view request information belonging to other users of the system.
The vulnerability applies only to systems where the "workflow with authorisation" parameter is set to inactive.
2. CVE details
CVSS 3.1 base score: 2.8
3. Affected products & versions
- All versions below prime WebSystems v164.3 are affected.
- All platforms are affected.
The fix for the vulnerability is included in fix pack 163.11 and prime WebSystems version 164.3.1.