Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-18 | CVE-2022-26665 | Authorization Bypass Through User-Controlled Key vulnerability in Tylertech Odyssey Portal: An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. | 7.5 |
2022-04-16 | CVE-2022-29287 | Authorization Bypass Through User-Controlled Key vulnerability in Kentico: Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. | 4.9 |
2022-04-14 | CVE-2022-22190 | Authorization Bypass Through User-Controlled Key vulnerability in Juniper Paragon Active Assurance Control Center 3.1.0: An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. | 7.5 |
2022-04-07 | CVE-2021-46416 | Authorization Bypass Through User-Controlled Key vulnerability in SMA Sunny Tripower Firmware 3.10.16.R: Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling. | 8.1 |
2022-04-06 | CVE-2022-27108 | Authorization Bypass Through User-Controlled Key vulnerability in Orangehrm 4.10: OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint `symfony/web/index.php/time/createTimesheet`. | 4.3 |
2022-04-01 | CVE-2022-22331 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Partner Engagement Manager 6.2.0: IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details, caused by an insecure direct object reference (IDOR) vulnerability. | 7.1 |
2022-03-30 | CVE-2021-38362 | Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer: In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | 6.5 |
2022-03-27 | CVE-2022-26254 | Authorization Bypass Through User-Controlled Key vulnerability in Wowonder 4.0: WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. | 5.3 |
2022-03-16 | CVE-2021-43957 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible: Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. | 7.5 |
2022-03-07 | CVE-2022-0442 | Authorization Bypass Through User-Controlled Key vulnerability in Ayecode Userswp: The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar. | 4.3 |