CVE-2024-7085 Exposure of Private Information OpenText SBM Exploit

From the project webpage: "OpenText™ Solutions Business Manager is enterprise-scale business process automation software. It helps IT quickly create, adapt, deploy, and govern process-based apps and workflows for humans and systems across the organization."

Summary

If the SBM application has anonymous submit enabled on any project, it creates a session for the "Anonymous" user when the AnonymousSubmitPage page is opened. This session can be used to enumerate application users and retrieve their personal information. Without the Anonymous user session, the vulnerable endpoint returns an authentication failure. Details exposed include: email address, full name, mobile phone, application role, etc.

Exploit

Step 1: Search for an available AnonymousSubmitPage by iterating over the "projectid" parameter:

https://example.com/tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=1

Once a project with anonymous submit is found, copy the cookies from the response for the next step.

Step 2: Search for user...
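As an added defender-side example (not part of the original advisory), the Python script below scans web-server access logs for the Step 1 pattern: a single client walking many projectid values on the AnonymousSubmitPage endpoint. The sample log lines, client IPs and the threshold of three distinct project ids are constructed assumptions; the endpoint path and parameter names are the ones quoted in the advisory.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample access log (combined log format); not real traffic.
# 203.0.113.5 walks projectid=1..4, 198.51.100.7 uses a single project normally.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2024:10:00:01 +0000] "GET /tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=1 HTTP/1.1" 200 512
203.0.113.5 - - [10/Sep/2024:10:00:02 +0000] "GET /tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=2 HTTP/1.1" 200 512
203.0.113.5 - - [10/Sep/2024:10:00:03 +0000] "GET /tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=3 HTTP/1.1" 200 512
203.0.113.5 - - [10/Sep/2024:10:00:04 +0000] "GET /tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=4 HTTP/1.1" 200 4096
198.51.100.7 - - [10/Sep/2024:10:05:00 +0000] "GET /tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=4 HTTP/1.1" 200 4096
198.51.100.7 - - [10/Sep/2024:10:05:10 +0000] "POST /tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=4 HTTP/1.1" 302 0
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request path, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict of log fields, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["query"] = urlparse(rec["path"]).query
    return rec


def find_projectid_enumeration(log_text, threshold=3):
    """Map client IP -> sorted distinct projectid values for clients that touched
    at least `threshold` different projects via AnonymousSubmitPage."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not urlparse(rec["path"]).path.lower().endswith("/tmtrack/tmtrack.dll"):
            continue
        # The endpoint's query is "AnonymousSubmitPage&projectid=N": the first token is a
        # bare flag with no "=", so keep_blank_values is needed to retain it.
        qs = parse_qs(rec["query"], keep_blank_values=True)
        if "AnonymousSubmitPage" not in qs or "projectid" not in qs:
            continue
        seen[rec["ip"]].update(qs["projectid"])
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= threshold}
```

Repeated GETs of the same projectid are deliberately collapsed, so an ordinary submitter returning to one project does not trigger the alert; only breadth across project ids does.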