CVE-2024-46635 | INROAD prior 20240206 API Endpoint GetCurrentUserInfo UserNameOrPhoneNumber information disclosure

A vulnerability was found in INROAD. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /AccountMaster/GetCurrentUserInfo of the component API Endpoint. The manipulation of the argument UserNameOrPhoneNumber leads to information disclosure.

This vulnerability is known as CVE-2024-46635. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-46635 | INROAD prior 20240206 API Endpoint GetCurrentUserInfo UserNameOrPhoneNumber information disclosure