ByteOS Network

CVE Vulnerability Details :

CVE-2025-3575

PUBLISHED

More Info Official Page

Assigner-INCIBE

Assigner Org ID-0cbda920-cd7f-484a-8e76-bf7f4b7f4516

Published At-15 Apr, 2025 | 08:54

Updated At-15 Apr, 2025 | 14:57

▼CVE Numbering Authority (CNA)

Insecure Direct Object Reference en Deporsite de T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint.

Affected Products

Vendor

T-INNOVA

Product

Deporsite

Default Status

unaffected

Versions

Affected

v05.29.0907

Problem Types

Type	CWE ID	Description
CWE	CWE-639	CWE-639 Authorization Bypass Through User-Controlled Key

Type: CWE

CWE ID: CWE-639

Description: CWE-639 Authorization Bypass Through User-Controlled Key

Metrics

Version	Base score	Base severity	Vector
4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Solutions

The vulnerabilities have been fixed by the T-INNOVA team in release 2024.02 (DSuite2024 v06.1287 fix2). T-Innova has identified the customers using the affected module, and has applied the corresponding patch.

References

Hyperlink	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-deporsite-t-innova	N/A

Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-deporsite-t-innova

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References