This vulnerability in Reuters Direct arises from missing authorization controls due to incorrectly configured access control security levels. It allows unauthorized users to perform actions that could alter data or system state without proper permissions. The CVSS 3.1 base score is 5.3 (medium), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and no availability impact. The affected versions include all releases up to 3.0.0. No patch or remediation information is currently available.

The vulnerability allows unauthorized modification or tampering with data or system operations within Reuters Direct, potentially leading to integrity issues. There is no impact on confidentiality or availability. No known exploits have been reported, so active exploitation is not confirmed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to Reuters Direct to trusted users only and monitor for unusual activity related to access control. Avoid exposing the affected versions to untrusted networks if possible.