The software does not perform, or incorrectly performs, an authorization check when an actor attempts to access a resource or perform an action. Successful exploitation of this vulnerability could allow an unauthenticated attacker on the network to create and sign their own JSON web token and use it to execute an HTTP API method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a denial-of-service attack.
Denial of service
Users are advised to maintain product installations at the latest release. Latest updates and patches can be found at :