CVE-2026-28766
Gardyn (Infor) · Gardyn
A critical vulnerability in a Gardyn endpoint allows unauthenticated access to all registered user account information. This flaw permits total data exposure without valid credentials.
Executive summary
An unauthenticated data exposure vulnerability in Gardyn products allows unauthorized actors to access sensitive account information for all registered users, posing a severe privacy risk.
Vulnerability
The flaw is an endpoint that fails to enforce authentication before returning user account data. Because the endpoint neither checks for a valid session nor limits its response to the caller's own record, an unauthenticated attacker can query it directly and retrieve sensitive information belonging to the entire user base. The advisory does not identify the endpoint path or the affected versions.
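The pattern behind this class of bug, as an added example that is not Gardyn's code and not taken from the advisory: a route that returns the whole user table without ever consulting the session, beside a hardened version that authenticates first and then returns only the caller's own record. The in-memory user table, session table, request shape and field names are all constructed assumptions for illustration.

```python
"""Added example (not Gardyn code): the endpoint pattern behind an
unauthenticated user-data exposure, beside a hardened version.

Everything here is constructed for illustration: the in-memory user
table, the session table and the request shape are assumptions, not
the actual Gardyn API.
"""
import hmac

# Constructed sample data: what a "list all accounts" endpoint might hold.
USERS = {
    101: {"id": 101, "email": "alice@example.com", "phone": "+1-555-0101"},
    102: {"id": 102, "email": "bob@example.com", "phone": "+1-555-0102"},
    103: {"id": 103, "email": "carol@example.com", "phone": "+1-555-0103"},
}

# Constructed session table: bearer token -> user id.
SESSIONS = {
    "tok-alice-9f3c": 101,
    "tok-bob-21aa": 102,
}


def vulnerable_accounts_endpoint(request):
    """The flawed pattern: the route never consults the session, so any
    caller (including one with no credentials at all) receives every
    registered user's record."""
    return 200, list(USERS.values())


def _authenticate(request):
    """Resolve the caller's user id from a bearer token, or None.

    Token comparison uses hmac.compare_digest so the lookup does not
    leak token bytes through timing."""
    auth = request.get("headers", {}).get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    for token, user_id in SESSIONS.items():
        if hmac.compare_digest(token, presented):
            return user_id
    return None


def hardened_account_endpoint(request):
    """The fixed pattern: authenticate first, then authorize.

    An unauthenticated caller gets 401 and no data. An authenticated
    caller gets exactly one record: their own. A request for another
    user's id is refused with 403 rather than silently served, which
    also closes the per-user (IDOR) variant of the same bug."""
    caller = _authenticate(request)
    if caller is None:
        return 401, {"error": "authentication required"}
    requested = request.get("path_params", {}).get("user_id", caller)
    if requested != caller:
        return 403, {"error": "forbidden"}
    return 200, USERS[caller]


if __name__ == "__main__":
    print(vulnerable_accounts_endpoint({"headers": {}}))
    print(hardened_account_endpoint({"headers": {}}))
    print(hardened_account_endpoint(
        {"headers": {"Authorization": "Bearer tok-alice-9f3c"}}))
```

The point of the hardened handler is the ordering: the session lookup happens before any data access, and the response is keyed on the authenticated identity rather than on whatever the caller asked for.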
Business impact
The exposure of every registered user's data represents a severe failure of privacy controls, potentially leading to identity theft, reputational damage, and regulatory penalties. The CVSS score of 9.3 reflects a low technical barrier to exploitation (no credentials are required) combined with a complete loss of data confidentiality. Failure to address this could result in loss of customer trust and significant business disruption.
Remediation
Immediate Action: Update all affected Infor and Gardyn software to the latest available versions to close the insecure endpoint. The advisory does not list affected or fixed versions, so confirm the fixed release with the vendor before treating a deployment as patched.
Proactive Monitoring: Review web server and access logs for requests to user profile or account management endpoints that carry no session cookie or authorization token yet succeed, for unusually large responses from those endpoints, and for single sources reading many distinct user records in a short window.
Compensating Controls: Until the patch is fully deployed, use a Web Application Firewall (WAF) or reverse proxy to reject requests to sensitive API endpoints that carry no session or authorization token. Treat this as a stopgap: the endpoint itself still accepts unauthenticated requests, so any path that reaches it without passing through the WAF remains exposed.
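The log review described under Proactive Monitoring, as an added example that is not part of the advisory: a small triage script that flags successful requests to account endpoints made without any authorization credential, and sources that enumerate many distinct user records. The endpoint paths (/api/v1/users and /api/v1/users/<id>) are hypothetical stand-ins for the unnamed Gardyn endpoint, and the log format is nginx "combined" with one extra field appended, auth=yes|no, which an operator would have to add themselves (for example from $http_authorization); the sample log lines are constructed.

```python
"""Added example (not from the advisory): triage access logs for
unauthenticated reads of account endpoints and for user-record
enumeration.

Assumptions: the account endpoint paths are hypothetical stand-ins for
the unnamed Gardyn endpoint; the log format is nginx "combined" plus a
trailing auth=yes|no field the operator adds; all log lines below are
constructed sample data."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)" '
    r'auth=(?P<auth>yes|no)'
)

# Hypothetical account endpoints: a listing route and a per-user route.
ACCOUNT_PATH = re.compile(r'^/api/v1/users(?:/(?P<uid>\d+))?(?:\?.*)?$')

# Constructed sample log: one legitimate authenticated read, one
# unauthenticated dump of the listing endpoint, one enumeration run
# over per-user ids, and one unrelated static asset fetch.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2026:12:00:01 +0000] "GET /api/v1/users/101 HTTP/1.1" 200 312 "-" "ExampleMobileApp/1.0" auth=yes
198.51.100.7 - - [10/Mar/2026:12:00:05 +0000] "GET /api/v1/users HTTP/1.1" 200 884211 "-" "python-requests/2.31" auth=no
198.51.100.9 - - [10/Mar/2026:12:01:00 +0000] "GET /api/v1/users/1 HTTP/1.1" 200 305 "-" "curl/8.4.0" auth=no
198.51.100.9 - - [10/Mar/2026:12:01:01 +0000] "GET /api/v1/users/2 HTTP/1.1" 200 298 "-" "curl/8.4.0" auth=no
198.51.100.9 - - [10/Mar/2026:12:01:02 +0000] "GET /api/v1/users/3 HTTP/1.1" 200 301 "-" "curl/8.4.0" auth=no
198.51.100.9 - - [10/Mar/2026:12:01:03 +0000] "GET /api/v1/users/4 HTTP/1.1" 200 299 "-" "curl/8.4.0" auth=no
203.0.113.5 - - [10/Mar/2026:12:02:00 +0000] "GET /static/app.js HTTP/1.1" 200 51233 "-" "ExampleMobileApp/1.0" auth=no
"""


def parse(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def find_exposures(log_text, enum_threshold=3):
    """Return a list of (source_ip, reason) findings.

    Two signals: any successful (2xx) request to an account endpoint
    that carried no Authorization header, which on a correctly built
    API should be impossible; and any source reading more than
    enum_threshold distinct user ids, authenticated or not."""
    findings = []
    ids_per_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        pm = ACCOUNT_PATH.match(rec["path"])
        if pm is None:
            continue  # not an account endpoint; ignore
        if rec["auth"] == "no" and 200 <= rec["status"] < 300:
            findings.append((rec["ip"],
                             f"unauthenticated {rec['status']} on "
                             f"{rec['path']} ({rec['bytes']} bytes)"))
        if pm.group("uid"):
            ids_per_ip[rec["ip"]].add(pm.group("uid"))
    for ip, ids in ids_per_ip.items():
        if len(ids) > enum_threshold:
            findings.append((ip, f"enumerated {len(ids)} distinct user ids"))
    return findings


if __name__ == "__main__":
    for ip, reason in find_exposures(SAMPLE_LOG):
        print(ip, reason)
```

The large response size on the unauthenticated listing request is the single strongest indicator of a bulk dump; the enumeration counter catches the slower per-user variant that a size threshold alone would miss.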
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this unauthenticated data exposure is hard to overstate. Organizations must apply the vendor-provided patch immediately and, given the 9.3 CVSS score, treat this as a top-priority remediation effort to prevent a large-scale data breach.