Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-11658 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | 9.8 |
| 2020-04-14 | CVE-2020-9384 | Authorization Bypass Through User-Controlled Key vulnerability in Subex ROC Partner Settlement 10.5 An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. | 8.8 |
| 2020-04-06 | CVE-2020-11589 | Authorization Bypass Through User-Controlled Key vulnerability in Cipplanner Cipace 6.80 An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 7.5 |
| 2020-04-06 | CVE-2020-11585 | Authorization Bypass Through User-Controlled Key vulnerability in Dnnsoftware Dotnetnuke 9.5.0 There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. | 4.3 |
| 2020-03-27 | CVE-2020-7918 | Authorization Bypass Through User-Controlled Key vulnerability in Totemo Totemomail 7.0.0 An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | 5.4 |
| 2020-03-26 | CVE-2020-9468 | Authorization Bypass Through User-Controlled Key vulnerability in Piwigo 2.9.0 The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 4.3 |
| 2020-03-25 | CVE-2019-18626 | Authorization Bypass Through User-Controlled Key vulnerability in Harriscomputer Ormed MIS Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. | 4.3 |
| 2020-03-16 | CVE-2019-19946 | Authorization Bypass Through User-Controlled Key vulnerability in Dradisframework Dradis 3.4.1 The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | 6.5 |
| 2020-03-02 | CVE-2020-5539 | Authorization Bypass Through User-Controlled Key vulnerability in Grandit GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors. | 6.5 |
| 2020-02-21 | CVE-2019-19866 | Authorization Bypass Through User-Controlled Key vulnerability in Atos Unify Openscape UC web Client 10.0/9.0 Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. | 7.5 |