2025-12-10 11:16:28
INCIBE
PUBLISHED
Direct Object Reference Vulnerability (IDOR) in i2As CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users documents by manipulating the ‘documentCode’ parameter in /CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas.