OutSystems Lifetime Authorization Bypass Vulnerability Allowing Unauthorized Access to Change Logs

Vulnerability

A vulnerability in OutSystems Lifetime prior to version 11.28.2.3955 allows authorization bypass through user-controlled keys in the ApplicationID parameter. Any authenticated user can use it to access the Change Log, which contains details of actions taken by other users, as well as the names of all applications. The vulnerability arises from insufficient validation of user input, which could be exploited to bypass authorization controls.
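The class of flaw described above, a lookup keyed on a caller-supplied ApplicationID with no per-object permission check, is shown here beside a hardened form. This is an added example, not OutSystems code: the data model, function names and sample entries are hypothetical and constructed for illustration.

```python
# Added illustration of an object-level authorization check.
# Hypothetical in-memory model; not OutSystems Lifetime code.
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller has no permission on the requested application."""


@dataclass(frozen=True)
class ChangeLogEntry:
    application_id: int
    actor: str
    action: str


# Constructed sample data: user -> application ids that user may view.
APP_PERMISSIONS = {"alice": {101}, "bob": {101, 202}}

# Constructed sample change log.
CHANGE_LOG = [
    ChangeLogEntry(101, "bob", "Deployed version 1.4 to Production"),
    ChangeLogEntry(202, "bob", "Changed team permissions"),
]


def change_log_unchecked(user, application_id):
    """Flawed pattern: being authenticated is enough; the key is trusted as sent."""
    return [e for e in CHANGE_LOG if e.application_id == application_id]


def change_log_checked(user, application_id):
    """Hardened pattern: validate the key, then authorize the caller for that object."""
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(application_id, bool) or not isinstance(application_id, int):
        raise ValueError("ApplicationID must be an integer")
    # Unknown ids and unpermitted ids get the same error, so the response
    # does not reveal which application ids exist.
    if application_id not in APP_PERMISSIONS.get(user, set()):
        raise Forbidden("not permitted")
    return [e for e in CHANGE_LOG if e.application_id == application_id]


if __name__ == "__main__":
    print(change_log_unchecked("alice", 202))  # entry alice has no rights to
    try:
        change_log_checked("alice", 202)
    except Forbidden as exc:
        print("denied:", exc)
```
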

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive application change logs, allowing users to view actions performed by others and details about various applications.

Remediation

Users can upgrade to OutSystems Lifetime version 11.28.2.3955 or later to address this vulnerability.

Added: May 26, 2026, 7:53 PM
Updated: May 26, 2026, 7:53 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.