| TVN ID | TVN-202605002 |
|---|---|
| CVE ID | CVE-2026-9493 |
| CVSS | 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Affected Products | Service Center |
| Description | Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details. |
| Solution | The vulnerability has been patched server-side. Users do not need to take any action. |
| Public Date | 2026-05-29 |
:::