CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,576 vulnerabilities with CWE-639
CVE-2021-38362
MEDIUM
RSA Archer <6.9.3.0 - Info Disclosure
CVSS 6.5
CVE-2021-43957
HIGH
Atlassian Fisheye & Crucible <4.8.9 - Info Disclosure
CVSS 7.5
CVE-2021-41111
MEDIUM
Rundeck <3.4.5-3.3.15 - Info Disclosure
CVSS 6.4
CVE-2021-46249
MEDIUM
Scratchoauth2 < 2021-04-12 - IDOR
CVSS 6.5
CVE-2021-3813
MEDIUM
GitHub chatwoot/chatwoot < 2.2 - Privilege Escalation
CVSS 6.5
CVE-2021-25096
MEDIUM
IP2Location Country Blocker <2.26.5 - Auth Bypass
CVSS 6.5
CVE-2021-41608
HIGH
Classapps Selectsurvey.net < 5.052.000 - IDOR
CVSS 7.5
CVE-2021-44836
MEDIUM
Deltarm Delta RM - IDOR
CVSS 4.3
CVE-2021-3965
HIGH
HP Designjet T920 Cr355a Firmware - IDOR
CVSS 7.5
CVE-2021-3852
HIGH
growi - Auth Bypass
CVSS 7.5
CVE-2021-45428
CRITICAL
Telesquare Tlr-2005ksh Firmware - IDOR
CVSS 9.8
CVE-2021-44160
HIGH
CTH Cardinal Tien Hospital Health Report System - IDOR
CVSS 7.3
CVE-2021-40579
MEDIUM
Online Enrollment Management System <1.0 - Privilege Escalation
CVSS 6.5
CVE-2021-24739
HIGH
Logo Carousel WP <3.4.2 - Info Disclosure
CVSS 8.1
CVE-2021-43828
HIGH
PatrOwl <1.77 - Info Disclosure
CVSS 7.5
CVE-2021-43820
HIGH
Seafile - Info Disclosure
CVSS 7.4
CVE-2021-44949
CRITICAL
Glfusion - IDOR
CVSS 9.8
CVE-2021-39934
MEDIUM
Gitlab < 14.3.6 - IDOR
CVSS 4.3
CVE-2021-39916
MEDIUM
Gitlab < 14.3.6 - IDOR
CVSS 4.3
CVE-2021-3964
MEDIUM
Elgg < 3.3.22 - IDOR
CVSS 5.9
CVE-2021-3992
MEDIUM
Kimai2 < 1.16.2 - Improper Access Control
CVSS 6.5
CVE-2021-36329
MEDIUM
Dell EMC Streaming Data Platform <1.3 - Info Disclosure
CVSS 6.5
CVE-2021-24892
HIGH
Advanced Forms <1.6.9 - Privilege Escalation
CVSS 8.8
CVE-2021-22967
HIGH
Concrete CMS <8.5.7 - Info Disclosure
CVSS 7.5
CVE-2021-22951
HIGH
Concrete CMS <8.5.7 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities: 1,576
Exploit Likelihood: High