Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2023-38054 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). | 8.1 |
| 2024-07-09 | CVE-2023-38055 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). | 8.1 |
| 2024-07-09 | CVE-2023-3286 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. | 6.5 |
| 2024-07-09 | CVE-2023-3287 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. | 8.8 |
| 2024-07-09 | CVE-2023-3288 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. | 8.8 |
| 2024-07-09 | CVE-2023-3289 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). | 6.5 |
| 2024-07-09 | CVE-2023-3290 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. | 5.0 |
| 2024-06-30 | CVE-2024-31898 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. | 5.4 |
| 2024-06-29 | CVE-2024-5942 | Authorization Bypass Through User-Controlled Key vulnerability in Carlosfazenda Page and Post Clone The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. | 5.4 |
| 2024-06-27 | CVE-2024-1107 | Authorization Bypass Through User-Controlled Key vulnerability in Talyabilisim Travel Apps Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68. | 9.8 |