The Insecure Direct Object Reference Vulnerabilities

The cyber security infrastructure security agency SISA with its global partners did publish an advisory calling out insecure direct object reference. This is a vulnerability that we have seen in traditional web applications for at least the two three decades as long as these applications exist and developers just don't seem to learn. And then the miscellaneous updates sort of for the weekend we do have updates from Sophos for its UTM appliance fixes a number of vulnerabilities nothing super critical but interesting.