Security advisory

Non-login users can extract vendor currency details.

Severity : Low

CVE ID : CVE-2022-25245

Affected software version(s) : 6970

Fixed version(s) : 6971

Fixed on : March 9, 2022


Using the approval login URL, which authorizes purchase details without a login in AssetExplorer, non-login users are able to extract vendor currency details.


Enables non-users to extract all vendor currency details without logging into the application.

Steps to upgrade

Customers can upgrade to the latest version (6971) using the appropriate migration path listed here.

Please read the upgrade instructions carefully before beginning the upgrade. For assistance, write to, or call us toll-free at +1.888.720.9500.


Reported by Matt in our bug bounty portal.

For Easy & Effective Asset Management trusted by