Multiple security vulnerabilities in Zendesk’s Web-based customer relationship management (CRM) platform could have allowed attackers to access sensitive information from potentially any customer account — a discovery that showcases application programming interface (API) endpoint weaknesses in enterprise software-as-a-solution (SaaS) applications. Researchers from Varonis Threat Labs discovered the issues — specifically an SQL injection vulnerability and a logical access flaw — in Zendesk Explore, a component of Zendesk’s platform, they said in a blog post published Nov.
Read full article on Dark Reading: Cloud