
4391 matches found

Cvelist · added 2021/02/09 5:36 a.m. · 12 views

CVE-2020-13462

An Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

AI score 5.6 · EPSS 0.00079 · Exploits 0 · References 1

Positive Technologies · added 2021/02/09 12:00 a.m. · 2 views

PT-2021-2949 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier. Description: The issue is related to an insecure direct object reference (IDOR) in the product module, which could lead to unauthorized...

CVSS 5.3 · AI score 5.7 · EPSS 0.00154 · Exploits 0 · References 10

CNNVD · added 2021/02/09 12:00 a.m. · 4 views

Adobe Magento Authorization Issue Vulnerability

Adobe Magento is Adobe's open source e-commerce platform written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source; Magento Enterprise Edition is the enterprise edition, later renamed Magento...

CVSS 5.3 · AI score 6 · EPSS 0.00154 · Exploits 0 · References 5

OSV · added 2021/02/04 3:15 p.m. · 2 views

CVE-2020-16194

An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields...

CVSS 5.3 · AI score 5.8 · EPSS 0.0084 · Exploits 1 · References 1

CVE · added 2021/02/04 2:39 p.m. · 38 views

CVE-2020-16194

CVE-2020-16194 concerns an Insecure Direct Object Reference (IDOR) in Prestashop Opart devis versions before 4.0.2. Unauthenticated attackers can access any user’s invoice and delivery address by exploiting IDOR on the delivery_address and invoice_address fields. The vulnerability is documented a...

CVSS 5.3 · AI score 5.2 · EPSS 0.0084 · Exploits 1 · References 1 · Affected Software 1

OSV · added 2021/02/03 10:15 p.m. · 1 view

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

CVSS 5.3 · AI score 6.1 · EPSS 0.00319 · Exploits 0 · References 1

NVD · added 2021/02/03 10:15 p.m. · 11 views

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

CVSS 5.3 · EPSS 0.00319 · Exploits 0 · References 1

Prion · added 2021/02/03 10:15 p.m. · 16 views

Design/Logic Flaw

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

CVSS 5 · AI score 5.3 · EPSS 0.00319 · Exploits 0 · References 1 · Affected Software 1

CVE · added 2021/02/03 9:28 p.m. · 49 views

CVE-2021-26024

Technical details about CVE-2021-26024 are not publicly provided in the supplied documents. Monitor for updates.

CVSS 5.3 · AI score 5.3 · EPSS 0.00319 · Exploits 0 · References 1 · Affected Software 1

CNVD · added 2021/02/03 12:00 a.m. · 7 views

Atlassian Jira Server and Data Center Access Control Error Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers to view metadata on boards...

CVSS 4.3 · AI score 6.7 · EPSS 0.00139 · Exploits 0 · References 1

CNNVD · added 2021/02/03 12:00 a.m. · 5 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in the Favorites component of Nagios XI 5.8.0 before 1.0.2, which stems fr...

CVSS 5.3 · AI score 6.1 · EPSS 0.00319 · Exploits 0 · References 2

CNNVD · added 2021/02/01 12:00 a.m. · 3 views

Atlassian Jira Server and Data Center Input Validation Error Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers to view metadata on boards...

CVSS 4.3 · AI score 5.8 · EPSS 0.00139 · Exploits 0 · References 2

OSV · added 2021/01/18 2:15 a.m. · 0 views

CVE-2020-29446

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5...

CVSS 5.3 · AI score 6.6 · EPSS 0.0039 · Exploits 0 · References 2

CNNVD · added 2021/01/17 12:00 a.m. · 3 views

Atlassian Fisheye and Crucible Information Disclosure Vulnerabilities

Atlassian Fisheye and Crucible are both products of Atlassian Australia. Atlassian Fisheye is a deep source code viewer. Crucible is a code review tool. A security vulnerability exists in Atlassian Fisheye and Atlassian Crucible, which can be exploited by an attacker to browse local files via an...

CVSS 5.3 · AI score 6.6 · EPSS 0.0039 · Exploits 0 · References 3

Cvelist · added 2021/01/13 10:35 p.m. · 11 views

CVE-2021-21013 Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object reference (IDOR) vulnerability in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...

CVSS 8.1 · AI score 7.7 · EPSS 0.00645 · Exploits 0 · References 1

Cvelist · added 2021/01/13 10:35 p.m. · 13 views

CVE-2021-21012 Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object reference (IDOR) vulnerability in the checkout module. Successful exploitation could lead to sensitive information disclosure...

CVSS 5.3 · AI score 6.2 · EPSS 0.00447 · Exploits 0 · References 1

CNVD · added 2021/01/05 12:00 a.m. · 1 view

IBM Cloud Pak System Information Disclosure Vulnerability

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. An information disclosure vulnerability exists in IBM Cloud Pak System 2.3. The vulnerability originates from an insecure direct object reference in the Sales and Service Consol...

CVSS 4.4 · AI score 6 · EPSS 0.0004 · Exploits 0 · References 1

NVD · added 2021/01/04 2:15 p.m. · 10 views

CVE-2020-4918

IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392...

CVSS 4.4 · AI score 3.4 · EPSS 0.0004 · Exploits 0 · References 2

Prion · added 2021/01/04 2:15 p.m. · 12 views

Information disclosure

IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392...

CVSS 2.1 · AI score 4.2 · EPSS 0.0004 · Exploits 0 · References 2 · Affected Software 1

CVE · added 2021/01/04 2:00 p.m. · 36 views

CVE-2020-4918

IBM Cloud Pak System 2.3 contains an information-disclosure flaw stemming from an insecure direct object reference in the Sales and Service Console of the Platform System Manager. A local privileged user could disclose sensitive data. Affected versions: Cloud Pak System 2.3 (per CVE-2020-4918). C...

CVSS 4.4 · AI score 5 · EPSS 0.0004 · Exploits 0 · References 2 · Affected Software 1