CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,576 vulnerabilities with CWE-639
CVE-2021-37631
MEDIUM
Nextcloud Deck < 1.2.9 - IDOR
CVSS 6.5
CVE-2021-37630
MEDIUM
Nextcloud Circles < 0.19.5 - IDOR
CVSS 6.5
CVE-2021-36032
HIGH
Magento Commerce <2.4.2-2.3.7 - Privilege Escalation
CVSS 8.3
CVE-2021-40352
MEDIUM
OpenEMR 6.0.0 - Info Disclosure
CVSS 6.5
CVE-2021-22023
HIGH
VMware Cloud Foundation < 3.10.2.1 - IDOR
CVSS 7.2
CVE-2021-24562
HIGH
LifterLMS < 4.21.2 - IDOR
CVSS 7.5
CVE-2021-37709
MEDIUM
Shopware < 6.4.3.1 - Log Information Exposure
CVSS 6.5
CVE-2021-37215
MEDIUM
Flygo - Privilege Escalation
CVSS 4.3
CVE-2021-37214
HIGH
Flygo - Privilege Escalation
CVSS 8.8
CVE-2021-37213
MEDIUM
Flygo - Info Disclosure
CVSS 4.3
CVE-2021-37212
MEDIUM
Flygo - Info Disclosure
CVSS 5.4
CVE-2021-36801
HIGH
Akaunting < 2.1.12 - IDOR
CVSS 8.1
CVE-2021-24473
MEDIUM
Cozmoslabs User Profile Picture < 2.6.0 - IDOR
CVSS 5.4
CVE-2021-32744
CRITICAL
Collabora Online <4.2.17-1, 6.4.9-5 - Info Disclosure
CVSS 9.8
CVE-2021-35337
MEDIUM
Phone Shop Sales Management System - IDOR
CVSS 4.3
CVE-2021-24374
MEDIUM
Automattic Jetpack < 9.8 - IDOR
CVSS 5.3
CVE-2021-22906
MEDIUM
Nextcloud <1.5.3, 1.6.3, 1.7.1 - DoS
CVSS 6.5
CVE-2021-31927
MEDIUM
Annexcloud Loyalty Experience Platform < 2020.1.0.1 - IDOR
CVSS 4.3
CVE-2021-31970
MEDIUM
Microsoft Windows 10 - IDOR
CVSS 5.5
CVE-2021-32654
HIGH
Nextcloud Server <19.0.11-21.0.2 - Privilege Escalation
CVSS 8.1
CVE-2021-24318
MEDIUM
Purethemes Listeo < 1.6.11 - Improper Access Control
CVSS 6.5
CVE-2021-21324
MEDIUM
GLPI < 9.5.4 - IDOR
CVSS 6.8
CVE-2021-21255
MEDIUM
GLPI <9.5.3 - Info Disclosure
CVSS 5.8
CVE-2021-21022
MEDIUM
Magento <2.4.1-2.3.6 - IDOR
CVSS 5.3
CVE-2021-26024
MEDIUM
Nagios Favorites < 1.0.2 - IDOR
CVSS 5.3