CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,576 vulnerabilities with CWE-639
CVE-2021-3380
MEDIUM
Height8tech H8 Ssrms - IDOR
CVSS 6.5
CVE-2021-24840
MEDIUM
Squaretype WordPress <3.0.4 - Info Disclosure
CVSS 5.3
CVE-2021-41307
HIGH
Atlassian Jira < 8.13.12 - IDOR
CVSS 7.5
CVE-2021-41306
HIGH
Atlassian Jira < 8.13.12 - IDOR
CVSS 7.5
CVE-2021-41305
HIGH
Atlassian Jira < 8.13.12 - IDOR
CVSS 7.5
CVE-2021-39225
HIGH
Nextcloud Deck < 1.2.9 - Missing Authorization
CVSS 8.1
CVE-2021-36389
HIGH
Yellowfin <9.6.1 - Info Disclosure
CVSS 7.5
CVE-2021-36388
HIGH
Yellowfin <9.6.1 - Info Disclosure
CVSS 7.5
CVE-2021-36387
MEDIUM
Yellowfin <9.6.1 - XSS
CVSS 5.4
CVE-2021-20599
CRITICAL
MELSEC iQ-R - Info Disclosure
CVSS 9.1
CVE-2021-41129
HIGH
Pterodactyl - Auth Bypass
CVSS 8.1
CVE-2021-41120
HIGH
sylius/paypal-plugin - Info Disclosure
CVSS 7.5
CVE-2021-39889
MEDIUM
Gitlab < 14.1.7 - IDOR
CVSS 4.3
CVE-2021-37777
HIGH
Gilacms Gila Cms - IDOR
CVSS 7.5
CVE-2021-37331
MEDIUM
Bookingcore Booking Core - IDOR
CVSS 5.3
CVE-2021-41847
HIGH
3xlogic Infinias Access Control < 6.7.10708.0 - IDOR
CVSS 8.8
CVE-2021-41301
CRITICAL
Ecoa Ecs Router Controller-ecs Firmware - Information Disclosure
CVSS 9.8
CVE-2021-41298
HIGH
ECOA BAS controller - Info Disclosure
CVSS 8.8
CVE-2021-36874
HIGH
Stylemixthemes Ulisting < 2.0.5 - IDOR
CVSS 7.1
CVE-2021-29773
MEDIUM
IBM Security Guardium - IDOR
CVSS 5.4
CVE-2021-38624
MEDIUM
Windows Key Storage Provider - Privilege Escalation
CVSS 6.5
CVE-2021-40355
HIGH
Teamcenter <12.4.0.8, <13.0.0.7, <13.1.0.5, <13.2.0 - IDOR
CVSS 8.8
CVE-2021-37184
CRITICAL
Siemens Industrial Edge Management < 1.3 - IDOR
CVSS 9.8
CVE-2021-33981
MEDIUM
Myfwc Fish | Hunt FL < 3.8.0 - IDOR
CVSS 4.3
CVE-2021-37628
HIGH
Nextcloud Richdocuments < 3.8.4 - IDOR
CVSS 7.5
Details
Vulnerabilities: 1,576
Exploit Likelihood: High