CWE-650 · Trusting HTTP Permission Methods on the Server Side
10 CVEs classified under CWE-650 (Trusting HTTP Permission Methods on the Server Side).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-28787 | High | 8.7 | 2024-04-04 | IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive priva… |
| CVE-2025-21120 | High | 8.3 | 2025-08-04 | Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low pri… |
| CVE-2026-44548 | High | 8.1 | 2026-05-12 | ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete… |
| CVE-2024-45098 | Medium | 6.8 | 2024-09-05 | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. |
| CVE-2024-45097 | Medium | 5.9 | 2024-09-05 | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. |
| CVE-2023-50327 | Medium | 5.3 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID… |
| CVE-2022-38115 | Medium | 5.3 | 2022-11-23 | Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT |
| CVE-2026-42543 | Medium | 4.3 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a… |
| CVE-2024-45282 | Medium | 4.3 | 2024-10-08 | Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an ODat… |
| CVE-2024-56339 | Low | 3.7 | 2025-08-07 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restri… |