BOLD Workplanner Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability exists in BOLD Workplanner by Global Planning Solutions, in versions prior to 2.5.25. It allows authenticated users to read contract details belonging to other users because requests carrying an internal object identifier are not validated against the requesting user's permissions. By supplying internal identifiers they are not authorized to use, an authenticated user can retrieve information such as employee data and contract dates.
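The pattern described above, as an added illustration rather than code from BOLD Workplanner or Global Planning Solutions: an authenticated lookup that trusts the client-supplied contract identifier, beside a hardened version that enforces an object-level authorization check after the lookup. All names, roles, dates and the authorization rule (the contract's own employee or an HR user may read it) are hypothetical, and the contract store is constructed sample data.

```python
"""Illustrative IDOR and its fix. Added example; not the product's code.
Names, roles, sample contracts and the authorization rule are hypothetical."""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # hypothetical roles: "employee" or "hr"


@dataclass(frozen=True)
class Contract:
    contract_id: int
    employee_id: int
    start_date: str
    end_date: str


# Constructed sample data standing in for a contracts table.
CONTRACTS = {
    1001: Contract(1001, employee_id=7, start_date="2024-01-01", end_date="2025-12-31"),
    1002: Contract(1002, employee_id=8, start_date="2023-06-01", end_date="2026-05-31"),
}


class AccessDenied(Exception):
    """Raised when the object is missing or the caller may not read it."""


def get_contract_vulnerable(user: User, contract_id: int) -> Optional[Contract]:
    """Authenticated, but nothing ties `user` to the requested contract.
    Any logged-in user who guesses or increments the id reads any contract."""
    return CONTRACTS.get(contract_id)


def is_authorized(user: User, contract: Contract) -> bool:
    """Hypothetical rule: the employee the contract belongs to, or an HR user."""
    return user.role == "hr" or contract.employee_id == user.user_id


def get_contract_hardened(user: User, contract_id: int) -> Contract:
    """Look the object up, then authorize against the object itself, not the id.
    A missing object and a forbidden one produce the same outcome so the
    endpoint does not reveal which identifiers exist."""
    contract = CONTRACTS.get(contract_id)
    if contract is None or not is_authorized(user, contract):
        raise AccessDenied(f"contract {contract_id}: not found or not permitted")
    return contract


def can_read(user: User, contract_id: int) -> bool:
    """Boolean wrapper around the hardened lookup for callers and tests."""
    try:
        get_contract_hardened(user, contract_id)
        return True
    except AccessDenied:
        return False


def probe_sequential_ids(
    user: User, start: int, stop: int, lookup: Callable[[User, int], Optional[Contract]]
) -> list[int]:
    """Walk a range of ids with the given lookup and return those the user could
    read. Against the vulnerable lookup this is what an IDOR probe looks like;
    against the hardened one only the user's own contracts come back."""
    readable = []
    for cid in range(start, stop):
        try:
            if lookup(user, cid) is not None:
                readable.append(cid)
        except AccessDenied:
            pass
    return readable


if __name__ == "__main__":
    alice = User(user_id=7, role="employee")
    print("vulnerable:", probe_sequential_ids(alice, 1000, 1010, get_contract_vulnerable))
    print("hardened:  ", probe_sequential_ids(alice, 1000, 1010, get_contract_hardened))
```

The check belongs on the object, not on the identifier: rewriting ids as opaque tokens only slows enumeration, whereas comparing the fetched record's owner (or the caller's role) against the authenticated session closes the hole regardless of how the id was obtained.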

Impact

Exploitation of this vulnerability gives an authenticated user unauthorized read access to sensitive employee and contract information, including personal identifiers and attendance records, by supplying internal identifiers that belong to other users' records.

Remediation

Users are advised to update BOLD Workplanner to version 2.5.25 or later.

Added: Sep 30, 2025, 12:13 PM
Updated: Sep 30, 2025, 12:13 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  4.8
remediation     7.7
relevance       0.6
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.