Automated scanners do not have knowledge of the levels of roles or access available on the application and hence will never be able to spot these vulnerabilities. So manual intervention will always be required.
