Way4

way4

Vendor: Openwaygroup • 2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-35060 1Openwaygroup 1Way4 Jun 17, 2026 Oct 11, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 /way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.
CVE-2021-35059 1Openwaygroup 1Way4 Jun 17, 2026 Oct 11, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.