Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-05 | CVE-2020-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4 Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | 4.3 |
| 2020-09-22 | CVE-2020-23446 | Authorization Bypass Through User-Controlled Key vulnerability in Verint Workforce Optimization 15.1.0.37634 Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API | 5.3 |
| 2020-09-18 | CVE-2020-15958 | Authorization Bypass Through User-Controlled Key vulnerability in 1Crm 8.5.7/8.6.7 An issue was discovered in 1CRM System through 8.6.7. | 8.6 |
| 2020-08-31 | CVE-2020-12643 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | 4.3 |
| 2020-08-11 | CVE-2020-10779 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Cloudforms 4.7/5.0.0 Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. | 6.5 |
| 2020-07-15 | CVE-2020-13923 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |
| 2020-07-13 | CVE-2020-14174 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. | 4.3 |
| 2020-07-01 | CVE-2019-15310 | Authorization Bypass Through User-Controlled Key vulnerability in Linkplay An issue was discovered on various devices via the Linkplay firmware. | 9.8 |
| 2020-06-24 | CVE-2020-13700 | Authorization Bypass Through User-Controlled Key vulnerability in ACF to Rest API Project ACF to Rest API An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. | 7.5 |
| 2020-05-12 | CVE-2020-8154 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 7.7 |