The vulnerability in NetSuite's SuiteCommerce tool stems from misconfigured access controls, exposing sensitive personal information and affecting thousands of websites.
Aaron Costello highlighted that organizations using SuiteCommerce are leaking sensitive customer data due to these access control misconfigurations, presenting a significant risk.
The misconfigured access controls, particularly in custom record types, allow unauthenticated users to exfiltrate customer data, posing serious security threats.
Despite the seriousness of this issue, NetSuite does not provide ready access to transaction logs, complicating the detection and mitigation of these vulnerabilities.
Collection
[
|
...
]