2 matches found
CVE-2024-10953
An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of...
CVE-2022-45164
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel delete a booking, created by someone else - even if this basic user is not a member of the booking...