Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2020-11009 | Authorization Bypass Through User-Controlled Key vulnerability in Pagerduty Rundeck In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. | 6.5 |
| 2020-04-15 | CVE-2020-11659 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | 4.3 |
| 2020-04-15 | CVE-2020-11658 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | 9.8 |
| 2020-04-14 | CVE-2020-9384 | Authorization Bypass Through User-Controlled Key vulnerability in Subex ROC Partner Settlement 10.5 An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. | 8.8 |
| 2020-04-06 | CVE-2020-11589 | Authorization Bypass Through User-Controlled Key vulnerability in Cipplanner Cipace 6.80 An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 7.5 |
| 2020-04-06 | CVE-2020-11585 | Authorization Bypass Through User-Controlled Key vulnerability in Dnnsoftware Dotnetnuke 9.5.0 There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. | 4.3 |
| 2020-03-27 | CVE-2020-7918 | Authorization Bypass Through User-Controlled Key vulnerability in Totemo Totemomail 7.0.0 An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | 5.4 |
| 2020-03-26 | CVE-2020-9468 | Authorization Bypass Through User-Controlled Key vulnerability in Piwigo 2.9.0 The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 4.3 |
| 2020-03-25 | CVE-2019-18626 | Authorization Bypass Through User-Controlled Key vulnerability in Harriscomputer Ormed MIS Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. | 4.3 |
| 2020-03-16 | CVE-2019-19946 | Authorization Bypass Through User-Controlled Key vulnerability in Dradisframework Dradis 3.4.1 The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | 6.5 |