CWE-425 - Direct Request ('Forced Browsing')

Description

Web application isn't able to conduct proper compliance of limited URLs, scripts or files authorization and applies authorization only at certain points in the path that allows attackers to gain privileges, read and modify application data and execute case or command.
The weakness is introduced during Architecture and Design, Implementation, Operation stages.

Latest vulnerabilities for CWE-425

Direct Request ('Forced Browsing') in IBM Jazz for Service Management 2024-02-16
Medium Yes

Multiple vulnerabilities in Siemens SCALANCE M-800/S615 Family 2023-12-14
Low No

Multiple vulnerabilities in Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family 2023-11-22
Medium Yes

Information disclosure in Wagtail 2023-10-20
Low Yes

Information disclosure in Jupyter Notebook 2022-06-22
Low Yes

Multiple vulnerabilities in Carrier LenelS2 HID Mercury access panels 2022-06-03
Medium Yes

Multiple vulnerabilities in Carrier LenelS2 HID Mercury access panels 2022-06-03
High Yes

Stack-based buffer overflow when parsing HTTP POST requests in IMS-LANTIME M3000 2016-06-29
High Yes

References

Description of CWE-425 on Mitre website