Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-04 | CVE-2021-37777 | Authorization Bypass Through User-Controlled Key vulnerability in Gilacms Gila CMS 2.2.0 Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). | 7.5 |
| 2021-10-01 | CVE-2021-41847 | Authorization Bypass Through User-Controlled Key vulnerability in 3Xlogic Infinias Access Control 6.7.10708.0 An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. | 8.8 |
| 2021-09-30 | CVE-2021-41298 | Authorization Bypass Through User-Controlled Key vulnerability in Ecoa products ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. | 8.8 |
| 2021-09-30 | CVE-2021-41301 | Authorization Bypass Through User-Controlled Key vulnerability in Ecoa products ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. | 9.8 |
| 2021-09-27 | CVE-2021-36874 | Authorization Bypass Through User-Controlled Key vulnerability in Stylemixthemes Ulisting Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 8.8 |
| 2021-09-15 | CVE-2021-29773 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Security Guardium 10.6/11.3 IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). | 5.4 |
| 2021-09-15 | CVE-2021-38624 | Authorization Bypass Through User-Controlled Key vulnerability in Microsoft products Windows Key Storage Provider Security Feature Bypass Vulnerability | 6.5 |
| 2021-09-14 | CVE-2021-37184 | Authorization Bypass Through User-Controlled Key vulnerability in Siemens Industrial Edge Management A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). | 9.8 |
| 2021-09-14 | CVE-2021-40355 | Authorization Bypass Through User-Controlled Key vulnerability in Siemens Teamcenter Visualization A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). | 8.8 |
| 2021-09-08 | CVE-2021-33981 | Authorization Bypass Through User-Controlled Key vulnerability in Myfwc Fish | Hunt FL An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses. | 4.3 |