Description
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references.
References (1)
Core References (Various Sources): https://bug.report.night-wolf.io/changelogs
Scores
CVSS v4: 8.3
EPSS: 0.0025
EPSS Percentile: 16.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-285
Status: published
Products (2)
FPT Software/NightWolf Penetration Platform: 2.1.2 - 2.1.4
FPT Software/NightWolf Penetration Platform: 2.1.5
Published: Mar 31, 2025
Tracked Since: Feb 18, 2026