CVE-2025-3113 | THREATINT

Description

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.

PUBLISHED Reserved 2025-04-02 | Published 2025-04-17 | Updated 2025-04-17 | Assigner Perforce

CRITICAL: 9.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-284 Improper Access Control

Product status

Default status

unaffected

Any version before 2025.2.0.1

affected

References

portal.perforce.com/s/detail/a91PA000001SeefYAC

cve.org (CVE-2025-3113)

nvd.nist.gov (CVE-2025-3113)

Download JSON