- Mark as New
- Bookmark
- Subscribe
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-20-2020
11:35 AM
03-20-2020
11:35 AM
Data Query Access and Security Deficiencies
We have discovered that the new Data Query function has significant and highly concerning security deficiencies.
- Any user, even those with read only access, are able to access and run Data Queries if they simply go directly to the URL
- Any user is able to export other user's data queries
- We are not able to see who created a data query
Zuora should alert it's entire community to these deficiencies as well as resolve these with immediate criticality.
Labels: