Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-4099 | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0 The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
| 2023-10-03 | CVE-2023-4101 | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0 The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
| 2023-09-28 | CVE-2023-38872 | Authorization Bypass Through User-Controlled Key vulnerability in Economizzer 0.9/April2023 An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. | 3.7 |
| 2023-09-27 | CVE-2023-44154 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15 Sensitive information disclosure and manipulation due to improper authorization. | 8.1 |
| 2023-09-27 | CVE-2023-44205 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15 Sensitive information disclosure due to improper authorization. | 5.3 |
| 2023-09-27 | CVE-2023-44206 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15 Sensitive information disclosure and manipulation due to improper authorization. | 9.1 |
| 2023-09-20 | CVE-2023-42334 | Authorization Bypass Through User-Controlled Key vulnerability in Fl3Xx Crew and Dispatch An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. | 6.5 |
| 2023-09-06 | CVE-2020-10130 | Authorization Bypass Through User-Controlled Key vulnerability in Searchblox SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | 8.8 |
| 2023-09-04 | CVE-2023-4587 | Authorization Bypass Through User-Controlled Key vulnerability in Zkteco Zem800 Firmware 6.60 An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. | 5.5 |
| 2023-08-14 | CVE-2023-28481 | Authorization Bypass Through User-Controlled Key vulnerability in Tigergraph 3.7.0 An issue was discovered in Tigergraph Enterprise 3.7.0. | 8.8 |