First published: Mon Oct 11 2021
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openwaygroup Way4 | <1.2.278-2693 | |
CVE-2021-35060 is a vulnerability in OpenWay WAY4 ACS that allows unauthenticated attackers to discover if a specific payment card is stored in the system.
CVE-2021-35060 has a severity score of 5.3, which is categorized as medium.
Attackers can leverage CVE-2021-35060 to determine if a payment card number is stored in the OpenWay WAY4 ACS system by exploiting response differences.
To mitigate CVE-2021-35060, apply the security update released by OpenWayGroup, version 1.2.278-2693 or later.
You can find more information about CVE-2021-35060 at the following references: [GitHub Gist](https://gist.github.com/exviry/9527ce2ccdc0718d3ffd1e3ca62cf304) and [OpenWayGroup website](https://www.openwaygroup.com/way4-platform).