Toyota's GSPIMS (Global Supplier Preparation Information Management System), a web-based application used by Toyota employees and its suppliers for coordination and other tasks related to the brand's global supply chain, was breached by a security researcher named Eaton Zveare, who reported the problem to the company.
The researcher discovered a backdoor in the GSPIMS system that allowed access to an existing user account, as long as the user's email address was known. By exploiting this vulnerability, an attacker could use an administrator account to access sensitive information such as classified documents, project calendars, supplier classifications and data on 14,000 users.
- 06/02/2023 eaton-works.com
- 07/02/2023 bleepingcomputer.com
- 07/02/2023 securityweek.com
- 07/02/2023 portswigger.net
- 07/02/2023 underc0de.org
- 08/02/2023 ciberseguridadlatam.com