2025-10-07 12:21:37
INCIBE
PUBLISHED
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the userID parameter in /api/v3/users/