Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-17 | CVE-2019-18998 | Authorization Bypass Through User-Controlled Key vulnerability in Hitachienergy Asset Suite 9.0.0/9.5.0/9.6.0 Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. | 7.1 |
| 2020-01-31 | CVE-2020-8503 | Authorization Bypass Through User-Controlled Key vulnerability in Biscom Secure File Transfer Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. | 6.5 |
| 2020-01-28 | CVE-2019-5466 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. | 4.3 |
| 2020-01-28 | CVE-2019-15582 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. | 5.3 |
| 2020-01-28 | CVE-2019-15581 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | 5.3 |
| 2020-01-14 | CVE-2020-5194 | Authorization Bypass Through User-Controlled Key vulnerability in Cerberusftp FTP Server 8.0 The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. | 5.4 |
| 2020-01-13 | CVE-2019-20209 | Authorization Bypass Through User-Controlled Key vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | 7.5 |
| 2020-01-13 | CVE-2020-6859 | Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Ultimate Member Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. | 5.3 |
| 2020-01-03 | CVE-2019-19259 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). | 4.3 |
| 2019-12-20 | CVE-2019-15913 | Authorization Bypass Through User-Controlled Key vulnerability in MI products An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. | 9.8 |