This vulnerability allows attackers to enumerate Sitecore items and extract sensitive configuration information through the ItemService API. Even when the API runs under restricted users, attackers can still extract information using blind enumeration techniques similar to SQL injection.
