Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-18 | CVE-2020-15958 | Authorization Bypass Through User-Controlled Key vulnerability in 1CRM 8.5.7/8.6.7. An issue was discovered in 1CRM System through 8.6.7. | 8.6 |
2020-08-31 | CVE-2020-12643 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite. OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | 4.3 |
2020-08-11 | CVE-2020-10779 | Authorization Bypass Through User-Controlled Key vulnerability in Red Hat CloudForms 4.7/5.0.0. Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. | 6.5 |
2020-07-15 | CVE-2020-13923 | Authorization Bypass Through User-Controlled Key vulnerability in Apache OFBiz. IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |
2020-07-13 | CVE-2020-14174 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products. Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. | 4.3 |
2020-07-01 | CVE-2019-15310 | Authorization Bypass Through User-Controlled Key vulnerability in Linkplay. An issue was discovered on various devices via the Linkplay firmware. | 9.8 |
2020-06-24 | CVE-2020-13700 | Authorization Bypass Through User-Controlled Key vulnerability in ACF to Rest API Project ACF to Rest API. An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. | 7.5 |
2020-05-12 | CVE-2020-8154 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server. An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 7.7 |
2020-05-07 | CVE-2020-5743 | Authorization Bypass Through User-Controlled Key vulnerability in Tecnick TCExam 14.2.2. Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | 4.3 |
2020-05-04 | CVE-2020-8791 | Authorization Bypass Through User-Controlled Key vulnerability in Oklok Project Oklok 3.1.1. The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. | 6.5 |