CVE-2023-36643

Summary

CVE-2023-36643 is a newly disclosed access control vulnerability affecting ITB-GmbH TradePro version 9.5. This issue grants remote attackers unauthorized access to all orders in the online shop through the oordershow component within the customer function. The flaw stems from insufficient access control mechanisms, enabling adversaries to bypass security restrictions and gain sensitive information. Successful exploitation of this vulnerability could lead to significant data breaches and financial loss for impacted organizations. It is imperative that affected parties apply the necessary security patches as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.