Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2022-04-25 CVE-2022-1461 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr
Non-Privilege User Can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
network
low complexity
open-emr CWE-639
6.5
2022-04-25 CVE-2022-1459 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
network
low complexity
open-emr CWE-639
8.3
2022-04-18 CVE-2022-26665 Authorization Bypass Through User-Controlled Key vulnerability in Tylertech Odyssey Portal
An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20.
network
low complexity
tylertech CWE-639
7.5
2022-04-16 CVE-2022-29287 Authorization Bypass Through User-Controlled Key vulnerability in Kentico
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability.
network
low complexity
kentico CWE-639
4.9
2022-04-14 CVE-2022-22190 Authorization Bypass Through User-Controlled Key vulnerability in Juniper Paragon Active Assurance Control Center 3.1.0
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information.
network
low complexity
juniper CWE-639
7.5
2022-04-07 CVE-2021-46416 Authorization Bypass Through User-Controlled Key vulnerability in SMA Sunny Tripower Firmware 3.10.16.R
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.
network
low complexity
sma CWE-639
8.1
2022-04-06 CVE-2022-27108 Authorization Bypass Through User-Controlled Key vulnerability in Orangehrm 4.10
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint symfony/web/index.php/time/createTimesheet.
network
low complexity
orangehrm CWE-639
4.3
2022-04-04 CVE-2022-1165 Authorization Bypass Through User-Controlled Key vulnerability in Plugin-Planet Blackhole for BAD Bots
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP, etc. to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed.
network
low complexity
plugin-planet CWE-639
critical
9.1
2022-04-01 CVE-2022-22331 Authorization Bypass Through User-Controlled Key vulnerability in IBM Partner Engagement Manager 6.2.0
IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details, caused by an insecure direct object reference (IDOR) vulnerability.
network
low complexity
ibm CWE-639
7.1
2022-03-30 CVE-2021-38362 Authorization Bypass Through User-Controlled Key vulnerability in RSA Archer
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
network
low complexity
rsa CWE-639
6.5