Back end of a computer system that manages the reservation service for passport issuance for a Police Headquarters with multiple locations in the territory.
Affected versions of this package are vulnerable to Improper Certificate Validation. Certificate hostname validation is disabled by default in Netty 4.1.x, which makes it potentially susceptible to Man-in-the-Middle attacks.
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can cause indefinite amounts of memory to be used by inputting a string of modest size. This can lead to a Denial of Service.
The package in question is vulnerable to Access Restriction Bypass. If the ROOT (default) web application is configured to use FORM authentication, a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice.
The vulnerability is limited to the ROOT (default) web application.