CNNVD-202601-1847 Information

CNNVD ID

CNNVD-202601-1847

Related CVE

CVE-2025-41077

• CNNVD Published: 2026-01-12

Description (Chinese)

Viafirma Inbox是西班牙Viafirma公司的一款电子签名收件箱。 Viafirma Inbox 4.5.13版本存在安全漏洞，该漏洞源于存在不安全的直接对象引用，可能导致任何经过身份验证但无特权的用户列出所有用户、访问和修改其数据，进而通过密码恢复功能冒充任何用户访问应用程序。

Description (English)

Viafirma Inbox is an electronic signed inbox of the Spanish company Viafirma. Version 4.5.13 of Viafirma Inbox has a security loophole, which stems from the existence of an unsafe direct-object reference, which may lead any user who has been identified but has no privilege to list all users, access and modify their data, and thus restores the password function as any user access application.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Viafirma

Published

2026-01-12

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products

Patch

https://www.viafirma.com/es/