CVE-2020-29031

CVE-2020-29031 affects Secomea GateManager web UI. An Insecure Direct Object Reference allows an authenticated attacker to reset the password of any user in its domain or sub-domain via privilege escalation, impacting GateManager versions prior to 9.2c. The issue is evidenced across multiple sour...

CVE-2021-21022 Magento Commerce Incorrect permissions Could Lead To Unauthorized Access

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object reference IDOR in the product module. Successful exploitation could lead to unauthorized access to restricted resources...

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

Adobe Magento 授权问题漏洞

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

CVE-2020-16194

CVE-2020-16194 concerns an Insecure Direct Object Reference (IDOR) in Prestashop Opart devis versions before 4.0.2. Unauthenticated attackers can access any user’s invoice and delivery address by exploiting IDOR on the delivery_address and invoice_address fields. The vulnerability is documented a...

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

Design/Logic Flaw

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

CVE-2021-26024

Technical details about CVE-2021-26024 are not publicly provided in the supplied documents. Monitor for updates.

Atlassian Jira Server and Data Center Access Control Error Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers to view metadata on boards...

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in the Favorites component of Nagios XI 5.8.0 before 1.0.2, which stems fr...

Atlassian Jira Server and Data Center 输入验证错误漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers to view metadata on boards...

Atlassian Fisheye and Crucible Information Disclosure Vulnerabilities

Atlassian Fisheye and Crucible are both products of Atlassian Australia.Atlassian Fisheye is a deep source code viewer.Crucible is a code review tool. A security vulnerability exists in Atlassian Fisheye and Atlassian Crucible, which can be exploited by an attacker to browse local files via an...

CVE-2021-21013 Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...

CVE-2021-21012 Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the checkout module. Successful exploitation could lead to sensitive information disclosure...

CVE-2020-4918

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392...

CVE-2020-4918

IBM Cloud Pak System 2.3 contains an information-disclosure flaw stemming from an insecure direct object reference in the Sales and Service Console of the Platform System Manager. A local privileged user could disclose sensitive data. Affected versions: Cloud Pak System 2.3 (per CVE-2020-4918). C...

IBM Cloud Pak System 代码问题漏洞

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. An information disclosure vulnerability exists in IBM Cloud Pak System 2.3. The vulnerability originates from an insecure direct object reference in the Sales and Service Consol...

Security Bulletin: Vulnerabilities have been addressed in IBM Cloud Pak System (Dec 2020)

Summary Multiple vulnerabilities have been identified and addressed in IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2020-4928 DESCRIPTION: IBM Cloud Pak System could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention...