The haxxorsid Stock-Management-System is an enterprise stock management software used by some organizations. This vulnerability allows attackers to execute manipulation on the API/employees function without authentication, potentially leading to unauthorized access and exploitation of sensitive data.
You're affected if you use A weakness. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Contact haxxorsid directly for a patched version - there's no public patch link in the advisory.
Immediate mitigations:
- Restrict network access to your haxxorsid instance (firewall it from the public internet)
- Audit API/employees function activity for suspicious manipulation patterns
- Monitor for unauthorized token creation