FileBound On-Site contains a flaw that is triggered when the application fails to properly verify input passed via the 'UserID' parameter during the handling of a password change SOAP request. This may allow a remote attacker to reset any local user's password, without escalated privileges.
Remote / Network Access
Loss of Integrity
Patch / RCS
Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has reportedly released a patch to address this vulnerability.