A vulnerability was found in INROAD. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /AccountMaster/GetCurrentUserInfo of the component API Endpoint. The manipulation of the argument UserNameOrPhoneNumber leads to information disclosure.
This vulnerability is known as CVE-2024-46635. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.