CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,578 vulnerabilities with CWE-639
CVE-2020-11589
HIGH
Cipplanner Cipace < 9.1 - IDOR
CVSS 7.5
CVE-2020-11585
MEDIUM
Dnnsoftware Dotnetnuke - Information Disclosure
CVSS 4.3
CVE-2020-7918
MEDIUM
Totemo totemomail 7.0.0 - Info Disclosure
CVSS 5.4
CVE-2020-9468
MEDIUM
Piwigo - IDOR
CVSS 4.3
CVE-2020-5539
MEDIUM
GRANDIT - Info Disclosure
CVSS 6.5
CVE-2020-8503
MEDIUM
Biscom SFT <5.1.1067, <6.0.1003 - IDOR
CVSS 6.5
CVE-2020-5194
MEDIUM
Cerberusftp FTP Server - IDOR
CVSS 5.4
CVE-2020-6859
MEDIUM
Ultimatemember Ultimate Member < 2.1.2 - IDOR
CVSS 5.3
CVE-2019-25487
CRITICAL
SAPIDO RB-1732 V2.0.43 - RCE
CVSS 9.8
CVE-2019-25235
CRITICAL
Smartwares HOME easy <1.0.9 - Auth Bypass
CVSS 9.8
CVE-2019-19755
CRITICAL
ethOS <1.3.3 - Info Disclosure
CVSS 9.1
CVE-2019-15310
CRITICAL
Linkplay - OS Command Injection
CVSS 9.8
CVE-2019-18626
MEDIUM
Harris Ormed Self Service <2019.1.4 - Info Disclosure
CVSS 4.3
CVE-2019-19946
MEDIUM
Dradis - IDOR
CVSS 6.5
CVE-2019-19866
HIGH
Atos Unify Openscape UC Web Client - IDOR
CVSS 7.5
CVE-2019-18998
HIGH
ABB Asset Suite <9.4.2.6-9.6.0 - Info Disclosure
CVSS 7.1
CVE-2019-5466
MEDIUM
Gitlab < 11.11.7 - IDOR
CVSS 4.3
CVE-2019-15582
MEDIUM
Gitlab < 12.1.12 - IDOR
CVSS 5.3
CVE-2019-15581
MEDIUM
Gitlab < 12.1.12 - IDOR
CVSS 5.3
CVE-2019-20209
HIGH
Cththemes Citybook < 2.3.4 - XSS
CVSS 7.5
CVE-2019-19259
MEDIUM
GitLab EE <12.5 - Info Disclosure
CVSS 4.3
CVE-2019-15913
CRITICAL
Xiaomi Devices - Info Disclosure/DoS
CVSS 9.8
CVE-2019-5469
MEDIUM
Gitlab < 11.11.6 - IDOR
CVSS 6.5
CVE-2019-19616
MEDIUM
Microsoft Dynamics NAV <2017 - IDOR
CVSS 4.3
CVE-2019-16546
MEDIUM
Jenkins Google Compute Engine Plugin <4.1.1 - Man-in-the-middle
CVSS 5.9
Details
Vulnerabilities: 1,578
Exploit Likelihood: High