SAS® Fraud Management contains an Insecure Direct Object Reference (IDOR) vulnerability


Severity: Critical

Description: SAS Fraud Management contains an Insecure Direct Object Reference (IDOR) vulnerability.

Potential Impact: This vulnerability allows user enumeration when a user without sufficient privileges submits a REST call with the session cookie from a privileged user.