This is a missing authentication vulnerability in DrangSoft's GCB/FCB Audit Software. Unauthenticated remote attackers can directly access restricted APIs without any credential checks. Attackers can exploit this flaw to create a new full administrative account, gaining complete control over the affected software. Successful exploitation leads to full system compromise and potential data theft.
Remediation
Restrict public access to the GCB/FCB Audit Software instance to trusted internal networks only until an official patch is released. Block external access to the vulnerable API endpoints to prevent unauthenticated exploitation. Monitor the system for unauthorized administrative accounts to detect potential compromise attempts.