Insecure Direct Object References (IDOR) Vulnerability in DevExpress ASP.NET Web Forms Build v19.2.3

CVE-2022-41479 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the objects referenced in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability that allows attackers to access the application source code.