TikTok: Ability to change permissions across seller platform

An Insecure Direct Object Reference IDOR vulnerability was found on the "Post" request on a TikTok Seller endpoint, which could have resulted in any user having the ability to change the "Finance Specialist" role permission. We thank @imrannisar for reporting this to our team...

TikTok: IDOR the ability to view support tickets of any user on seller platform

Due to an Insecure Direct Object Reference IDOR vulnerability, an attacker could have potentially viewed support tickets on seller platform. We thank @lewaperbb for reporting this to our team...