An SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account information, data security firm Varonis reports. Zendesk, a well-known provider of customer support software as a service, offers analytics and reporting through its Zendesk Explore service.
Two vulnerabilities in Zendesk Explore, according to Varonis, could have given an attacker access to conversations, comments, email addresses, tickets, and other data kept in Zendesk accounts with Explore turned on. However, the two problems were brought to Zendesk’s attention and fixed before they had any effect on customer data.
Also Read: Strategies to Identify Database Security Threats and Vulnerabilities at Early Stage
An attacker wishing to take advantage of these vulnerabilities would need to first sign up as an external user for the Zendesk account of the intended victim’s ticketing service.
Read More: Zendesk Vulnerability Could Have Given Hackers Access to Customer Data
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
