BOLD Workplanner Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability exists in BOLD Workplanner versions prior to 2.5.25. The vulnerability arises from insufficient validation of user-supplied internal identifiers: the application does not verify that the authenticated user is authorized to view the time record an identifier refers to, so any authenticated user can retrieve other employees' detailed time records simply by supplying their identifiers. The exposed information includes employee numbers, names, national identity numbers, clock-in records, holiday requests, and absence details for any employee within the organization.
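The following is an added illustration of the vulnerability class described above, not BOLD Workplanner's own code: the record layout, the role model (employee versus manager with a set of direct reports) and all function names are assumptions made for the example, and the sample records are constructed. It places a lookup that trusts the client-supplied identifier beside one that binds an authorization check to the fetched object, and shows why the first lets any account walk the identifier space.

```python
"""IDOR on employee time records, vulnerable and fixed lookups side by side.
Constructed example code; not taken from BOLD Workplanner. Record fields,
roles and function names are assumptions for illustration only."""

from dataclasses import dataclass


@dataclass(frozen=True)
class TimeRecord:
    record_id: int        # internal identifier the client sends back to the server
    employee_no: str
    name: str
    national_id: str
    clock_ins: tuple = ()  # constructed sample clock-in timestamps


# Constructed sample data: two employees of the same organisation, with
# sequential internal identifiers (typical of the ids an IDOR exposes).
RECORDS = {
    1001: TimeRecord(1001, "E-17", "Alice", "NID-0001", ("2025-09-29T08:02",)),
    1002: TimeRecord(1002, "E-42", "Bob", "NID-0002", ("2025-09-29T08:15",)),
}


@dataclass(frozen=True)
class User:
    employee_no: str
    role: str = "employee"               # assumed roles: "employee" or "manager"
    reports: frozenset = frozenset()     # employee numbers a manager may view


def get_record_vulnerable(user: User, record_id: int) -> TimeRecord:
    """Authentication happened upstream, but the identifier is resolved with
    no check that `user` is allowed to see this employee's record."""
    rec = RECORDS.get(record_id)
    if rec is None:
        raise LookupError("no such record")
    return rec


def may_view(user: User, rec: TimeRecord) -> bool:
    """Object-level authorization rule assumed for the example: a user may
    see their own record, and a manager may see their direct reports'."""
    if rec.employee_no == user.employee_no:
        return True
    return user.role == "manager" and rec.employee_no in user.reports


def get_record_fixed(user: User, record_id: int) -> TimeRecord:
    """Fetch first, then verify the requester's relationship to the object
    before returning anything. Unauthorized and nonexistent identifiers
    raise the same error, so the response does not reveal which ids exist."""
    rec = RECORDS.get(record_id)
    if rec is None or not may_view(user, rec):
        raise LookupError("no such record")
    return rec


def enumerate_records(fetch, user: User, id_range) -> list:
    """What an authenticated attacker does: walk the identifier space and
    collect the employee number of every record the endpoint hands back."""
    found = []
    for rid in id_range:
        try:
            found.append(fetch(user, rid).employee_no)
        except LookupError:
            continue
    return found


if __name__ == "__main__":
    alice = User("E-17")
    print("vulnerable:", enumerate_records(get_record_vulnerable, alice, range(1000, 1010)))
    print("fixed:     ", enumerate_records(get_record_fixed, alice, range(1000, 1010)))
```

The fix is not input validation in the usual sense: the identifier is a well-formed integer in both cases. What changes is that the authorization decision is made against the object the identifier resolves to, and that the failure path for "not yours" is indistinguishable from "does not exist".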

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive employee time record details, including personal identification information (national identity numbers) and attendance records, by supplying internal identifiers that should not be accessible to the user. Any valid account in the organization suffices; no elevated privilege is required.

Remediation

Upgrade to BOLD Workplanner version 2.5.25 or later to address this vulnerability.

Added: Sep 30, 2025, 12:15 PM
Updated: Sep 30, 2025, 12:15 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  4.8
  remediation     7.7
  relevance       0.6
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.