What is the difference: BOLA vs IDOR

“BOLA” (Broken Object Level Authorization) and “IDOR” (Insecure Direct Object References) are both security vulnerabilities that relate to improper handling of user permissions in web applications, but they are recognized in slightly different contexts.