CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,578 vulnerabilities with CWE-639
CVE-2021-21022
MEDIUM
Magento <2.4.1-2.3.6 - IDOR
CVSS 5.3
CVE-2021-26024
MEDIUM
Nagios Favorites < 1.0.2 - IDOR
CVSS 5.3
CVE-2021-21013
HIGH
Magento <2.4.1-2.3.6 - Info Disclosure
CVSS 8.1
CVE-2021-21012
MEDIUM
Magento <2.4.1-2.3.6 - Info Disclosure
CVSS 5.3
CVE-2020-37094
CRITICAL
EspoCRM 5.8.5 - Auth Bypass
CVSS 9.8
CVE-2020-37008
HIGH
EasyPMS 1.0.0 - Auth Bypass
CVSS 7.5
CVE-2020-36923
CRITICAL
Sony BRAVIA Digital Signage <1.7.8 - Path Traversal
CVSS 9.8
CVE-2020-36895
HIGH
EIBIZ i-Media Server Digital Signage 3.8.0 - Info Disclosure
CVSS 7.5
CVE-2020-10130
HIGH
Searchblox < 9.1 - IDOR
CVSS 8.8
CVE-2020-6641
MEDIUM
Fortinet Fortipresence < 20.1 - IDOR
CVSS 4.3
CVE-2020-26679
MEDIUM
vFairs 3.3 - XSS
CVSS 4.3
CVE-2020-36126
HIGH
Paxtechnology Paxstore - IDOR
CVSS 8.1
CVE-2020-23722
HIGH
FUEL CMS <1.4.7 - Privilege Escalation
CVSS 8.8
CVE-2020-8297
MEDIUM
Nextcloud Deck <1.0.2 - Info Disclosure
CVSS 4.3
CVE-2020-13462
MEDIUM
Tufin SecureChange <R20-2 GA - IDOR
CVSS 5.7
CVE-2020-16194
MEDIUM
Store-opart Op'art Devis < 4.0.2 - IDOR
CVSS 5.3
CVE-2020-36231
MEDIUM
Atlassian Jira < 8.5.10 - IDOR
CVSS 4.3
CVE-2020-23449
HIGH
newbee-mall - Privilege Escalation
CVSS 7.5
CVE-2020-29446
MEDIUM
Atlassian Fisheye & Crucible <4.8.5 - Info Disclosure
CVSS 5.3
CVE-2020-4918
MEDIUM
IBM Cloud Pak System < 2.3.3.3 - IDOR
CVSS 4.4
CVE-2020-35849
HIGH
Mantisbt < 2.24.4 - IDOR
CVSS 7.5
CVE-2020-29156
MEDIUM
Woocommerce < 4.7.0 - IDOR
CVSS 5.3
CVE-2020-26178
MEDIUM
Tangro Business Workflow < 1.18.1 - IDOR
CVSS 5.3
CVE-2020-26175
MEDIUM
Tangro Business Workflow < 1.18.1 - IDOR
CVSS 6.5
CVE-2020-26173
LOW
Tangro Business Workflow < 1.18.1 - Missing Authentication
CVSS 3.1
Details
Vulnerabilities: 1,578
Exploit Likelihood: High