Full title: Platinum Mobile 1.0.4.850 Authorization Bypass Vulnerability 
Category: web applications
Platform: asp
Platinum Mobile version 1.0.4.850 has a broken access control. The mobile application connects to the company-specific server, which does not properly restrict the access to confidential data. Thus, an authenticated attacker can disclose the company's payroll, personal information of other employees without having appropriate privileges to do so.

# 0day.today @ http://0day.today/