Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-18 | CVE-2020-26068 | Authorization Bypass Through User-Controlled Key vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. | 6.5 |
| 2020-10-28 | CVE-2020-27742 | Authorization Bypass Through User-Controlled Key vulnerability in Citadel Webcit An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. | 6.5 |
| 2020-10-05 | CVE-2020-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4 Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | 4.3 |
| 2020-09-22 | CVE-2020-23446 | Authorization Bypass Through User-Controlled Key vulnerability in Verint Workforce Optimization 15.1.0.37634 Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API | 5.3 |
| 2020-09-18 | CVE-2020-15958 | Authorization Bypass Through User-Controlled Key vulnerability in 1Crm 8.5.7/8.6.7 An issue was discovered in 1CRM System through 8.6.7. | 8.6 |
| 2020-08-31 | CVE-2020-12643 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | 4.3 |
| 2020-08-11 | CVE-2020-10779 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Cloudforms 4.7/5.0.0 Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. | 6.5 |
| 2020-07-15 | CVE-2020-13923 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |
| 2020-07-13 | CVE-2020-14174 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. | 4.3 |
| 2020-07-01 | CVE-2019-15310 | Authorization Bypass Through User-Controlled Key vulnerability in Linkplay An issue was discovered on various devices via the Linkplay firmware. | 9.8 |