A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.