{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30707", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T17:56:23.713Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-17T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-24T17:56:23.713Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is \"Fixed in [02/2026] backend service update.\""}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md"}, {"url": "https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T13:34:17.250379Z", "id": "CVE-2026-30707", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T13:36:19.311Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T13:34:17.250379Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T13:36:09.012Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md"}, {"url": "https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-17T18:55:31.648Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30707", "state": "PUBLISHED", "dateUpdated": "2026-03-18T13:36:19.311Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-17T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is \"Fixed in [02/2026] backend service update.\""}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SpeedExam Online Examination System (SaaS) despu\u00e9s de la v.FEV2026. Permite un Control de Acceso Roto a trav\u00e9s del PageMethod ASP.NET ReviewAnswerDetails. Atacantes autenticados pueden eludir las restricciones del lado del cliente e invocar este m\u00e9todo directamente para recuperar la clave de respuestas completa."}], "id": "CVE-2026-30707", "lastModified": "2026-03-24T18:16:09.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-17T20:16:13.870", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md"}, {"source": "cve@mitre.org", "url": "https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[v.FEV2026,*]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "online_examination_system", "vendor": "speedexam"}], "analysis": {"en": {"generated_at": "2026-03-18T15:25:52.716473+00:00", "value": {"mitigation_remediation": ["Check SpeedExam for any available security patches or updates that address the access control issue and apply them immediately. If no patch is available, restrict direct access to the ReviewAnswerDetails PageMethod to properly authenticated users and enforce role\u2011based checks on the server side. Reconfigure or remove the PageMethod from public endpoints if it is not required. Monitor logs for any unauthorized calls to the exposed method and investigate suspicious activity."], "summary": {"action": "Apply Patch", "impact": "Unauthorized disclosure of full exam answer key"}, "threat_synthesis": {"affected_systems": "The flaw is present in all installations of SpeedExam Online Examination System version after v.FEV2026. No specific vendor or product versions are listed beyond that release, but any instance running a version later than v.FEV2026 is potentially affected.", "description_and_impact": "The vulnerability is a broken access control flaw in the ReviewAnswerDetails PageMethod of the SpeedExam Online Examination System. It allows authenticated users to bypass client\u2011side checks and invoke the method directly, which exposes the full answer key for exams. This represents a confidentiality breach, as the exam answers are sensitive intellectual property, and the weakness is classified as CWE-284: Improper Access Control.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity. EPSS is below 1\u202f% and the vulnerability is not yet included in CISA\u2019s KEV catalogue, suggesting a lower current exploitation probability. Exploitation requires valid authentication; the attacker merely needs to call the PageMethod directly, likely through crafted requests or a modified client. Since the issue is due to improper server\u2011side access validation, it can be leveraged by any legitimate user who misuses the endpoint."}}}}, "created": "2026-03-18T12:13:35.332831+00:00", "title": "SpeedExam Online Examination System ReviewAnswerDetails Access Control Bypass Exposes Full Answer Key", "updated": "2026-03-24T10:49:41.075484+00:00", "vendors": ["speedexam", "speedexam$PRODUCT$online_examination_system"]}