Java : Insecure direct object references

Classification

OWASP ASVS

Access Control Access Control Access Control Access Control Access Control

CWE

CWE-639

Overview

Insecure Direct Object Reference is an access control problem which allows an attacker to view data by manipulating an identifier (for example, a document or account number).

Direct object references are maps of an identifier to a resource; they are insecure direct object references if they allow an unauthorized user to access data.

References

Insecure Direct Object Reference
CWE-639: Authorization Bypass Through User-Controlled Key
What are insecure direct object references (IDOR)?

MEDIUM

Java : Insecure direct object references

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Java : Insecure direct object references in your application?

See also

Java : Race condition

Java : Text4Shell Vulnerability

Java : JNI usage