GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.).
The vulnerability classified as CWE-522 (Insufficiently Protected Credentials) results from improper configuration of environment variables in the backend layer of the GenX FX application. As a result of this misconfiguration, sensitive authentication data — including API keys and access tokens — may be disclosed to unauthorized parties. An attacker requiring no authentication or user interaction can remotely obtain this data over the network.
An attacker can gain unauthorized access to resources associated with accounts in cloud services (Google Cloud, Firebase, GitHub), which may lead to complete data compromise, infrastructure modification, or privilege escalation in cloud environments.
Apply patches available from the vendor according to references. Additionally, it is recommended to immediately review and correct the environment variables configuration, rotate all potentially exposed API keys and authentication tokens, and verify access logs to the associated cloud services.
GenX FX platform backend — versions specified in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H