CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,578 vulnerabilities with CWE-639
CVE-2020-26171
MEDIUM
Tangro Business Workflow < 1.18.1 - IDOR
CVSS 4.3
CVE-2020-20183
HIGH
Zyxel P1302-t10 V3 Firmware - IDOR
CVSS 7.5
CVE-2020-13357
MEDIUM
Gitlab CE/EE <13.4.7/<13.5.5/<13.6.2 - Info Disclosure
CVSS 4.3
CVE-2020-27663
MEDIUM
GLPI <9.5.3 - Info Disclosure
CVSS 4.3
CVE-2020-27662
MEDIUM
GLPI <9.5.3 - Info Disclosure
CVSS 4.3
CVE-2020-26068
MEDIUM
Cisco Roomos < 9.10.3 - IDOR
CVSS 5.5
CVE-2020-27742
MEDIUM
Citadel Webcit < 926 - IDOR
CVSS 6.5
CVE-2020-8235
MEDIUM
Nextcloud Deck <1.0.4 - Info Disclosure
CVSS 4.3
CVE-2020-16240
MEDIUM
Asset Performance Management Classic < 4.4 - IDOR
CVSS 5.3
CVE-2020-23446
MEDIUM
Verint Workforce Optimization <15.1 - Info Disclosure
CVSS 5.3
CVE-2020-15958
HIGH
1crm < 8.6.7 - IDOR
CVSS 8.6
CVE-2020-12643
MEDIUM
OX App Suite <7.10.3 - Info Disclosure
CVSS 4.3
CVE-2020-19890
MEDIUM
Dbhcms - Missing Authorization
CVSS 4.9
CVE-2020-10779
MEDIUM
Red Hat CloudForms <5 - IDOR
CVSS 6.5
CVE-2020-13923
MEDIUM
Apache Ofbiz < 17.12.04 - IDOR
CVSS 5.3
CVE-2020-14174
MEDIUM
Atlassian Jira < 7.13.16 - IDOR
CVSS 4.3
CVE-2020-13700
HIGH
Acf TO Rest API < 3.1.0 - IDOR
CVSS 7.5
CVE-2020-13998
MEDIUM
Citrix Xenapp - Information Disclosure
CVSS 5.3
CVE-2020-8154
HIGH
Nextcloud Server <18.0.2 - Info Disclosure
CVSS 7.7
CVE-2020-5743
MEDIUM
TCExam 14.2.2 - Info Disclosure
CVSS 4.3
CVE-2020-8791
MEDIUM
OKLOK (3.1.1) - Open Redirect
CVSS 6.5
CVE-2020-11009
MEDIUM
Rundeck <3.2.6 - Info Disclosure
CVSS 6.5
CVE-2020-11659
MEDIUM
Broadcom CA API Developer Portal < 4.3.1 - IDOR
CVSS 4.3
CVE-2020-11658
CRITICAL
Broadcom CA API Developer Portal < 4.3.1 - IDOR
CVSS 9.8
CVE-2020-9384
HIGH
Subex Roc Partner Settlement - IDOR
CVSS 8.8