CNNVD-202510-3962 Information

CNNVD ID

CNNVD-202510-3962

Related CVE

CVE-2025-61876

• CNNVD Published: 2025-10-29

Description (Chinese)

Inforcer Platform是荷兰Inforcer公司的一个多租户管理平台。 Inforcer Platform 2.0.153版本存在安全漏洞，该漏洞源于/tenants/id API端点存在不安全的直接对象引用，可能导致低权限用户通过修改请求URL中的租户ID来枚举和访问其他客户端的租户信息。

Description (English)

Inforcer Platform is a multi- Tenant Management Platform of Inforcer Netherlands. Inforcer Platform 2.0.153, there is a security loophole that originates from unsafe direct-object references at the /tenants/id API endpoint, which may result in low-authority users taking up and accessing other client information by modifying the tenant ID in the request URL.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Inforcer

Published

2025-10-29

Last Modified

2026-02-24

References

https://silvatech.uk/cve-2025-61876-inforcer-platform/ https://www.inforcer.com/platform https://access.redhat.com/security/cve/cve-2025-61876

Patch

https://www.inforcer.com/platform