Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-03 | CVE-2023-4099 | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0: The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
2023-10-03 | CVE-2023-4101 | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0: The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
2023-09-28 | CVE-2023-38872 | Authorization Bypass Through User-Controlled Key vulnerability in Economizzer 0.9/April2023: An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. | 3.7 |
2023-09-27 | CVE-2023-44154 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15: Sensitive information disclosure and manipulation due to improper authorization. | 8.1 |
2023-09-27 | CVE-2023-44205 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15: Sensitive information disclosure due to improper authorization. | 5.3 |
2023-09-27 | CVE-2023-44206 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15: Sensitive information disclosure and manipulation due to improper authorization. | 9.1 |
2023-09-27 | CVE-2023-4934 | Authorization Bypass Through User-Controlled Key vulnerability in Usta Aybs: Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. | 8.8 |
2023-09-20 | CVE-2023-42334 | Authorization Bypass Through User-Controlled Key vulnerability in Fl3Xx Crew and Dispatch: An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. | 6.5 |
2023-09-13 | CVE-2023-4213 | Authorization Bypass Through User-Controlled Key vulnerability in Mikevanwinkle Simplr Registration Form Plus+: The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. | 8.8 |
2023-09-12 | CVE-2023-41368 | Authorization Bypass Through User-Controlled Key vulnerability in SAP S/4 Hana: The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call. | 5.3 |