Bug #22305

[External Audit Findings][MLEB] Insecure Direct Object Reference Vulnerability (IDOR)

Added by yap chekying about 13 hours ago.

Status: New
Start date: 29 July 2025
Priority: High
Due date:
Assignee: Tan Hi Ann
% Done: 0%
Category: -
Spent time: -
Target version: -

Description

Issue:
The IDOR vulnerability occurs when an app exposes internal object references without access control. This allows attackers to access data by manipulating input values. If exploited, IDOR may lead to serious business data breaches.

Recommendation from pentester:
Developers must implement proper access control so that users can only access information or perform actions within a session that are defined by the access rights assigned to that session.

Please refer to the attached Excel file for details.

Copy of Audit Findings - Silver lake - ver2.xlsx (5.15 MB) yap chekying, 29 July 2025 10:11 AM
