CVE-2024-0580 Information

Description

Omission of user-controlled key authorization in the IDMSistemas platform affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter ‘/qsige.locator/quotePrevious/centers/X’ where X supports values 123 etc.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/omission-key-controlled-authorization-qsige