Vulnerabilities (CVE)

Filtered by vendor Endalia Subscribe
Filtered by product Selection Portal
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35577 1 Endalia 1 Selection Portal 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).