TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-30707

HIGH
8.1

Beschreibung

An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."

CVE Details

CVSS v3.1 Bewertung8.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht3/17/2026
Zuletzt geandert3/24/2026
Quellenvd
Honeypot-Sichtungen0

Schwachen (CWE)

CWE-284

Referenzen

https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md(cve@mitre.org)
https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.