⚠️Cornerstone OnDemand LMS v24.2.5.32 | Insecure Direct Object Reference (IDOR) Disclosures
Discoverer: Dan Gilbert, Giovanni Heward
Summary of Findings
Insecure Direct Object Reference (IDOR) in
LaunchVideo.aspxCVE-202#-#####
Insecure Direct Object Reference (IDOR) in
Terminate.aspxCVE-202#-#####
Timeline
Reported to Vendor: Oct 23rd, 2024
Patched: TBD
Published: TBD
Last updated