This issue can be exploited by an attacker with high-privileged access to an application that uses the Yordam Library Information Document Automation product. Such an attacker can access the application, change the content of the application's information via the API, and use it to exploit the vulnerability. Below is a common scenario that can be used to exploit this vulnerability.

Scenario: An organization has ERP (Enterprise Resource Planning) software installed on its network. This ERP software uses the Yordam Library Information Document Automation product. An attacker starts to change the information of the software. After the information has been changed, the software can be exploited via the API.

How to exploit this vulnerability?

A common scenario that can be used to exploit this vulnerability is an attacker changing the information of the software via the API. The scenario can be as follows:
1. The attacker accesses the application with high-privileged access, such as Administrator or root access.
2. The attacker changes the information of the software via the API and uses it to exploit the vulnerability.
3. The attacker sends some content to the application, which is then changed and sent back to them with different content. This enables them to manipulate a few data fields in order to steal data from users or other organizations on the network.

Timeline

Published on: 10/27/2022 10:15:00 UTC
Last modified on: 10/28/2022 17:44:00 UTC

References