Severity : Low
CVE ID : CVE-2022-25245
Affected software version(s) : 6970
Fixed version(s) : 6971
Fixed on : March 9, 2022
The approval login URL in AssetExplorer, which allows purchase details to be authorized without a login, can be used by users who have not logged in to extract vendor currency details.
This vulnerability enables non-users to extract all vendor currency details without logging in to the application.
Steps to upgrade
Customers can upgrade to the latest version (6971) using the appropriate migration path listed here.
Reported by Matt in our bug bounty portal.