Vulnerability Description: Multiple Broken Access Control Pre-Auth
Software Version: VAM: Visual Access Manager - 4.15.0 > 4.29
NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-19989
CVSv3: 7.5
Severity: High
Credits: Alessandro Bosco, Luca Di Giuseppe, Mattia Campanelli, Valerio Preti, Stefano Scipioni, Massimiliano Brolli.
Access control (authorization) determines which users can interact with systems and resources within the Web interface. When access control is broken, users could send unauthorized requests to the application. Unauthorized access to system functionality and resources creates an exploitable weakness that opens your company to harmful and potentially expensive outcomes.