CNNVD-202512-3190 Information

CNNVD ID

CNNVD-202512-3190

Related CVE

CVE-2025-67789

• CNNVD Published: 2025-12-17

Description (Chinese)

DriveLock是德国DriveLock公司的一个端点安全与数据保护平台。 DriveLock 24.1.6之前版本、24.2.7之前版本和25.1.5之前版本存在安全漏洞，该漏洞源于经过身份验证的用户可通过DriveLock API检索其他租户的计算机数量。

Description (English)

DriveLock is an end-point security and data protection platform of the German firm DriveLock. There is a security loophole in previous versions of DriveLock 24.1.6, 24.2.7 and 25.1.5, which stems from the number of computers that can be accessed by other tenants through DriveLock API by a certified user.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

DriveLock

Published

2025-12-17

Last Modified

2026-02-24

References

https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-004-DESInfoDisclosure.htm

Patch

https://drivelock.help/versions/2025_2/web/en/releasenotes/Content/ReleaseNotes_DriveLock/NewRelease/DL_RelNotes.htm