A high-severity authentication bypass vulnerability has been identified in multiple WebITR products. This flaw allows an attacker who already has basic access to the system to impersonate any other user, including administrators, by manipulating a specific parameter. Successful exploitation could lead to a complete compromise of the affected system, resulting in unauthorized data access, modification, and disruption of services.

The vulnerability exists within the authentication mechanism of the affected WebITR products. After an initial, low-privilege authentication, a remote attacker can manipulate a specific parameter within their session or subsequent requests. This manipulation tricks the system into improperly validating the user's identity, allowing the attacker to bypass authorization checks and assume the identity and privileges of any targeted user account.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could have a significant negative impact on the business, leading to a complete loss of confidentiality, integrity, and availability of the data managed by the WebITR platform. An attacker could impersonate a privileged user to steal sensitive corporate or customer data, alter critical system configurations, introduce malware, or disrupt business operations. The potential for reputational damage and regulatory fines is substantial if sensitive information is compromised.

Immediate Action: Apply the security updates provided by the vendor, WebITR, across all affected systems immediately. Following the update, review access logs for any signs of unauthorized or suspicious user impersonation that may have occurred prior to patching.

Proactive Monitoring: Implement enhanced monitoring of application and web server logs. Specifically, look for unusual login patterns, such as a single IP address attempting to access multiple accounts in a short period, or user accounts logging in from geographically anomalous locations. Configure alerts for any modifications to privileged user accounts and monitor for unexpected changes in system configurations.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Deploy a Web Application Firewall (WAF) with strict rules to inspect and block requests containing manipulated authentication parameters.
• Enforce Multi-Factor Authentication (MFA) for all users, particularly for administrative and privileged accounts.
• Restrict network access to the application from untrusted sources and segment the application from other critical internal systems.

Public Exploit Available: false

Given the high severity (CVSS 7.5) and the critical impact of a successful exploit (full account takeover), organizations are strongly advised to prioritize the immediate application of vendor-supplied patches. Although the vulnerability requires an attacker to be authenticated first, the barrier to entry is low, and the potential for privilege escalation to an administrator is a critical risk. While not yet on the CISA KEV list, this vulnerability should be treated with the highest urgency to prevent potential system compromise.