BOLD Workplanner Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in BOLD Workplanner by Global Planning Solutions (GPS), affecting versions prior to 2.5.25. Because the general enquiry web service does not adequately validate user input, authenticated users can supply internal identifiers they are not authorized to use and access sensitive information such as employee details and records.
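The class of flaw described above, shown as an added example that is not BOLD Workplanner code: a lookup that trusts a client-supplied identifier, next to one that authorizes it against the server-side session. The record fields, IDs, function names and the "own record or direct reports" policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Employee:
    emp_id: int
    name: str
    manager_id: Optional[int]
    hours_logged: float

# Constructed sample records; every value here is hypothetical.
RECORDS = {
    101: Employee(101, "A. Manager", None, 38.0),
    102: Employee(102, "B. Staff", 101, 40.5),
    103: Employee(103, "C. Staff", 101, 36.0),
    104: Employee(104, "D. Other", None, 41.0),
}

class NotFound(Exception):
    """Raised for missing and forbidden IDs alike, so replies do not confirm which IDs exist."""

def enquiry_vulnerable(session_emp_id: int, requested_id: str) -> Employee:
    # IDOR: the caller is authenticated, but the identifier from the request
    # is used directly, with no check that the caller may read that record.
    return RECORDS[int(requested_id)]

def _may_read(caller: Employee, target: Employee) -> bool:
    # Assumed policy: own record, or the record of a direct report.
    return target.emp_id == caller.emp_id or target.manager_id == caller.emp_id

def enquiry_hardened(session_emp_id: int, requested_id: str) -> Employee:
    # The caller's identity comes from the server-side session, never the request.
    caller = RECORDS.get(session_emp_id)
    if caller is None or not requested_id.isdecimal():
        raise NotFound()
    target = RECORDS.get(int(requested_id))
    if target is None or not _may_read(caller, target):
        raise NotFound()
    return target

if __name__ == "__main__":
    print(enquiry_vulnerable(102, "104").name)  # another employee's record comes back
    try:
        enquiry_hardened(102, "104")
    except NotFound:
        print("denied")
```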

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive employee information and records, including personal details and time management data.

Remediation

Users can upgrade to BOLD Workplanner version 2.5.25 to address this vulnerability.

Added: Sep 30, 2025, 12:12 PM
Updated: Sep 30, 2025, 12:12 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.