Vulnerabilities: Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2020-12-18 CVE-2020-26171 Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow 1.17.5
In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated.
network
low complexity
tangro CWE-639
4.3
2020-12-14 CVE-2020-20183 Authorization Bypass Through User-Controlled Key vulnerability in Zyxel P1302-T10 V3 Firmware 2.00
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
network
low complexity
zyxel CWE-639
7.5
2020-12-11 CVE-2020-13357 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An issue was discovered in GitLab CE/EE versions >= 13.1 to < 13.4.7, >= 13.5 to < 13.5.5, and >= 13.6 to < 13.6.2 that allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
network
low complexity
gitlab CWE-639
4.3
2020-11-26 CVE-2020-27663 Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
network
low complexity
glpi-project CWE-639
4.3
2020-11-26 CVE-2020-27662 Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
network
low complexity
glpi-project CWE-639
4.3
2020-11-18 CVE-2020-26068 Authorization Bypass Through User-Controlled Key vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device.
network
low complexity
cisco CWE-639
6.5
2020-10-28 CVE-2020-27742 Authorization Bypass Through User-Controlled Key vulnerability in Citadel Webcit
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template.
network
low complexity
citadel CWE-639
6.5
2020-10-05 CVE-2020-8235 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
network
low complexity
nextcloud CWE-639
4.3
2020-09-23 CVE-2020-16240 Authorization Bypass Through User-Controlled Key vulnerability in GE Asset Performance Management Classic 4.4
GE Digital APM Classic, Versions 4.4 and prior.
network
low complexity
ge CWE-639
5.3
2020-09-22 CVE-2020-23446 Authorization Bypass Through User-Controlled Key vulnerability in Verint Workforce Optimization 15.1.0.37634
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API.
network
low complexity
verint CWE-639
5.3