Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-27 | CVE-2020-7918 | Authorization Bypass Through User-Controlled Key vulnerability in Totemo Totemomail 7.0.0 An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | 5.4 |
| 2020-03-26 | CVE-2020-9468 | Authorization Bypass Through User-Controlled Key vulnerability in Piwigo 2.9.0 The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 4.3 |
| 2020-03-25 | CVE-2019-18626 | Authorization Bypass Through User-Controlled Key vulnerability in Harriscomputer Ormed MIS Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. | 4.3 |
| 2020-03-16 | CVE-2019-19946 | Authorization Bypass Through User-Controlled Key vulnerability in Dradisframework Dradis 3.4.1 The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | 6.5 |
| 2020-03-02 | CVE-2020-5539 | Authorization Bypass Through User-Controlled Key vulnerability in Grandit GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors. | 6.5 |
| 2020-02-21 | CVE-2019-19866 | Authorization Bypass Through User-Controlled Key vulnerability in Atos Unify Openscape UC web Client 10.0/9.0 Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. | 7.5 |
| 2020-02-17 | CVE-2019-18998 | Authorization Bypass Through User-Controlled Key vulnerability in Hitachienergy Asset Suite 9.0.0/9.5.0/9.6.0 Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. | 7.1 |
| 2020-01-31 | CVE-2020-8503 | Authorization Bypass Through User-Controlled Key vulnerability in Biscom Secure File Transfer Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. | 6.5 |
| 2020-01-28 | CVE-2019-5466 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. | 4.3 |
| 2020-01-28 | CVE-2019-15582 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. | 5.3 |