CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

Design/Logic Flaw

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

CVE-2022-23061

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin although this cannot happen according to the documentation via Insecure Direct Object Reference IDOR vulnerability...

CVE-2022-22331

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability IDOR. IBM X-Force ID: 219130...

CVE-2022-22331

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability IDOR. IBM X-Force ID: 219130...

Design/Logic Flaw

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability IDOR. IBM X-Force ID: 219130...

CVE-2022-22331

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability IDOR. IBM X-Force ID: 219130...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to insecure direct object exploitation (CVE-2022-22331)

Summary IBM Sterling Partner Engagement Manager CVE-2022-22331 is vulnerable to insecure direct object exploitation. The issue has been addressed and users are strongly advised to apply remediation. Vulnerability Details CVEID: CVE-2022-22331 DESCRIPTION: IBM Sterling Partner Engagement Manager...

CVE-2022-1176

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96...

livehelperchat 安全漏洞

livehelperchat is a live support available for free on the website through Live Helper Chat. A security vulnerability exists in livehelperchat versions prior to 3.96 that stems from a loose comparison leading to IDOR on multiple endpoints. an attacker can bypass multiple checks to access other...

CVE-2022-22331

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability IDOR. IBM X-Force ID: 219130...

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

Design/Logic Flaw

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

CVE-2021-38362

CVE-2021-38362 affects RSA Archer 6.x up to 6.9 SP3 (6.9.3.0). An authenticated attacker can issue a GET to a vulnerable REST API endpoint, exploiting an Insecure Direct Object Reference (IDOR) to retrieve sensitive data. The cited sources describe the vulnerability and affected version range but...

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

RSA Archer 安全漏洞

RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all of our enterprise assets, as well as some of the monitored information, and organize it into a unified platform,...

OpenEMR 安全漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An insecure direct object reference vulnerability exists in OpenEMR versions prior...