Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE | CVE | VULNERABILITY TITLE | RISK

2020-05-07 | CVE-2020-5743 | Authorization Bypass Through User-Controlled Key vulnerability in Tecnick Tcexam 14.2.2
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
network, low complexity, tecnick, CWE-639, 4.3

2020-05-04 | CVE-2020-8791 | Authorization Bypass Through User-Controlled Key vulnerability in Oklok Project Oklok 3.1.1
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues.
network, low complexity, oklok-project, CWE-639, 6.5

2020-04-29 | CVE-2020-11009 | Authorization Bypass Through User-Controlled Key vulnerability in Pagerduty Rundeck
In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see.
network, low complexity, pagerduty, CWE-639, 6.5

2020-04-15 | CVE-2020-11659 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
network, low complexity, broadcom, CWE-639, 4.3

2020-04-15 | CVE-2020-11658 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
network, low complexity, broadcom, CWE-639, critical, 9.8

2020-04-14 | CVE-2020-9384 | Authorization Bypass Through User-Controlled Key vulnerability in Subex ROC Partner Settlement 10.5
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters.
network, low complexity, subex, CWE-639, 8.8

2020-04-06 | CVE-2020-11589 | Authorization Bypass Through User-Controlled Key vulnerability in Cipplanner Cipace 6.80
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.
network, low complexity, cipplanner, CWE-639, 7.5

2020-04-06 | CVE-2020-11585 | Authorization Bypass Through User-Controlled Key vulnerability in Dnnsoftware Dotnetnuke 9.5.0
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module.
network, low complexity, dnnsoftware, CWE-639, 4.3

2020-03-27 | CVE-2020-7918 | Authorization Bypass Through User-Controlled Key vulnerability in Totemo Totemomail 7.0.0
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.
network, low complexity, totemo, CWE-639, 5.4

2020-03-26 | CVE-2020-9468 | Authorization Bypass Through User-Controlled Key vulnerability in Piwigo 2.9.0
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
network, low complexity, piwigo, CWE-639, 4.3