While performing AWS penetration tests, we’ve repeatedly encountered a need for a tool to manually review and audit IAM permission policies. IAM permissions can be spread out over multiple inline and managed policies, contain…
Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…