A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Solvait | Solvait | 24.4.2 (including) | 24.4.2 (including) |