Description
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.
Published: 2026-01-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized File Disclosure
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to access the DocumentOpen.aspx endpoint and iterate through predictable chargeNumber values to download any file that has been uploaded to the application. The endpoint does not apply proper authorization checks, which leads to disclosure of potentially confidential documents. The weakness is an Insecure Direct Object Reference that enables unauthorized data access (CWE-639).

Affected Systems

The issue affects the OPEXUS eComplaint application prior to version 9.0.45.0. Any deployment of OPEXUS eComplaint before this release, regardless of vendor environment, is vulnerable. Users on older versions should verify the installed release number and plan for remediation.

Risk and Exploitability

The CVSS score of 8.7 demonstrates a high severity level, and the EPSS score of less than 1% indicates a low probability of exploitation at this time. The vulnerability is exploited remotely through HTTP requests to an endpoint that accepts a numeric chargeNumber parameter. Even though the attack requires iterative probing of predictable values, the process is straightforward once the endpoint is discovered. Although the vulnerability is not currently listed in the CISA KEV catalog, the potential for sensitive data leakage warrants proactive patching.

Generated by OpenCVE AI on April 18, 2026 at 16:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OPEXUS eComplaint to version 9.0.45.0 or later
  • Enforce authentication and role‑based access controls on the DocumentOpen.aspx endpoint, ensuring that only authorized users can request a download
  • Validate the chargeNumber input against the owner’s permissions before serving a file

Generated by OpenCVE AI on April 18, 2026 at 16:41 UTC.
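
As a detection-side complement to the actions above, the following added example (not OpenCVE's or the vendor's code) scans IIS W3C-format access logs for clients that walk through many distinct chargeNumber values on DocumentOpen.aspx. The log lines, the `/app/` path prefix, the field selection and the `min_distinct` threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs

ENDPOINT = "/documentopen.aspx"  # compared case-insensitively as a path suffix
PARAM = "chargenumber"           # parameter named in the advisory, lower-cased

def find_enumeration(log_lines, min_distinct=5):
    """Map client IP -> (distinct IDs requested, longest consecutive run,
    IDs answered with HTTP 200) for clients at or above min_distinct."""
    fields, seen = [], defaultdict(dict)  # seen[ip][id] = served with a 200?
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):      # W3C header names the columns
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
            continue
        query = parse_qs(row.get("cs-uri-query", ""))
        for key, values in query.items():
            if key.lower() != PARAM:
                continue
            for value in values:
                if value.isascii() and value.isdigit():
                    ids = seen[row.get("c-ip", "unknown")]
                    ok = row.get("sc-status") == "200"
                    ids[int(value)] = ids.get(int(value), False) or ok
    findings = {}
    for ip, ids in seen.items():
        if len(ids) < min_distinct:
            continue
        ordered, run, best = sorted(ids), 1, 1
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        findings[ip] = (len(ids), best, sum(ids.values()))
    return findings

# Constructed sample log (not real traffic); the /app/ path prefix is assumed.
SAMPLE_LOG = ["#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status"]
SAMPLE_LOG += [
    f"2026-01-09 10:00:{i:02d} GET /app/DocumentOpen.aspx chargeNumber={1000 + i} "
    f"203.0.113.7 {200 if i % 2 else 404}" for i in range(8)]
SAMPLE_LOG += ["2026-01-09 10:05:00 GET /app/DocumentOpen.aspx chargeNumber=1003 198.51.100.20 200"] * 2

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The third value in each finding counts identifiers that returned HTTP 200, which gives a starting list of documents to review when scoping possible disclosure.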


Advisories

No advisories yet.

History

Wed, 18 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Opexustech
Opexustech ecase Ecomplaint
CPEs cpe:2.3:a:opexustech:ecase_ecomplaint:*:*:*:*:*:*:*:*
Vendors & Products Opexustech
Opexustech ecase Ecomplaint

Fri, 09 Jan 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Opexus
Opexus ecomplaint
Vendors & Products Opexus
Opexus ecomplaint

Thu, 08 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Jan 2026 17:30:00 +0000

Type Values Removed Values Added
Description OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.
Title OPEXUS eComplaint IDOR
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published:

Updated: 2026-01-08T18:19:28.076Z

Reserved: 2026-01-06T22:00:19.558Z

Link: CVE-2026-22235

Vulnrichment

Updated: 2026-01-08T18:19:15.358Z

NVD

Status: Analyzed

Published: 2026-01-08T18:16:00.523

Modified: 2026-02-18T14:06:17.220

Link: CVE-2026-22235

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses