CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,575 vulnerabilities with CWE-639
CVE-2023-44981
CRITICAL
Apache Zookeeper < 3.7.2 - IDOR
CVSS 9.1
CVE-2023-44249
MEDIUM
Fortinet Fortianalyzer < 6.2.12 - IDOR
CVSS 4.3
CVE-2023-42455
HIGH
Wazuh-dashboard < 4.4.2 - IDOR
CVSS 8.8
CVE-2023-26237
MEDIUM
WatchGuard EPDR <8.0.21.0002 - Privilege Escalation
CVSS 6.7
CVE-2023-2544
MEDIUM
UPV Peix - IDOR
CVSS 5.3
CVE-2023-32669
MEDIUM
Buddyboss - IDOR
CVSS 5.4
CVE-2023-4101
HIGH
Qsige - IDOR
CVSS 8.8
CVE-2023-4099
HIGH
QSige Monitor - Info Disclosure
CVSS 7.6
CVE-2023-38872
LOW
gugoan Economizzer <0.9-beta1 - IDOR
CVSS 3.7
CVE-2023-4934
HIGH
Usta Aybs < 1.0.3 - IDOR
CVSS 8.8
CVE-2023-44206
CRITICAL
Acronis Cyber Protect < 15 - IDOR
CVSS 9.1
CVE-2023-44205
MEDIUM
Acronis Cyber Protect < 15 - IDOR
CVSS 5.3
CVE-2023-44154
HIGH
Acronis Cyber Protect <35979 - Info Disclosure
CVSS 8.1
CVE-2023-42334
MEDIUM
Fl3xx Crew - IDOR
CVSS 6.5
CVE-2023-4213
HIGH
Simplr Registration Form Plus+ <2.4.5 - Info Disclosure
CVSS 8.8
CVE-2023-41368
LOW
S4 HANA Manage checkbook apps <108 - SSRF
CVSS 2.7
CVE-2023-4587
HIGH
ZKTeco ZEM800 <6.60 - Info Disclosure
CVSS 8.3
CVE-2023-2173
MEDIUM
BadgeOS plugin <3.7.1.6 - Info Disclosure
CVSS 6.5
CVE-2023-2172
MEDIUM
BadgeOS <3.7.1.6 - Info Disclosure
CVSS 4.3
CVE-2023-0689
MEDIUM
Wpmet Metform Elementor Contact Form Builder - Information Disclosure
CVSS 4.3
CVE-2023-38201
MEDIUM
Keylime Registrar - Auth Bypass
CVSS 6.5
CVE-2023-32078
HIGH
Gravitl Netmaker < 0.17.1 - IDOR
CVSS 7.5
CVE-2023-27576
MEDIUM
Phplist - IDOR
CVSS 6.7
CVE-2023-28481
HIGH
Tigergraph Enterprise 3.7.0 - Info Disclosure
CVSS 8.8
CVE-2023-37543
HIGH
Cacti < 1.2.6 - IDOR
CVSS 7.5
Details
Vulnerabilities: 1,575
Exploit Likelihood: High