Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2021-4142 MEDIUM

Candlepin 3.1.0-3.1.28-2 - Authentication Bypass via SCA Certificate

CVE-2021-24655 HIGH

WP User Manager < 2.6.3 - Authenticated Password Reset Authorization Bypass

CVE-2021-24800 MEDIUM

DW Question & Answer Pro <1.3.4 - Info Disclosure

CVE-2021-46416 HIGH

SUNNY TRIPOWER 5.0 - Info Disclosure

CVE-2021-38362 MEDIUM

RSA Archer <6.9.3.0 - Info Disclosure

CVE-2021-43957 HIGH

Atlassian Fisheye & Crucible <4.8.9 - Info Disclosure

CVE-2021-41111 MEDIUM

Rundeck <3.4.5-3.3.15 - Info Disclosure

CVE-2021-46249 MEDIUM

scratchoauth2 < 2021-04-12 - Authorization Bypass via User-Controlled Key in SpecificApps REST API

CVE-2021-3813 MEDIUM

GitHub chatwoot/chatwoot < 2.2 - Privilege Escalation

CVE-2021-25096 MEDIUM

IP2Location Country Blocker <2.26.5 - Auth Bypass

CVE-2021-41608 HIGH

SelectSurvey.NET < 5.052.000 - Unauthenticated File Disclosure via UploadedImageDisplay.aspx ID Parameter

CVE-2021-44836 MEDIUM

Delta RM 1.2 - Unauthenticated Authorization Bypass via /risque/risque/workflow/reset Endpoint

CVE-2021-3965 HIGH

HP DesignJet T920 T930 T1530 T2530 T3500 Z6800 - Unauthenticated Print Job Preview Exposure

CVE-2021-3852 HIGH

Growi < 4.4.7 - Authorization Bypass Through User-Controlled Key

CVE-2021-45428 CRITICAL

TLR-2005KSH Firmware - Unauthenticated Arbitrary File Upload via PUT Method

CVE-2021-44160 HIGH

Carinal Tien Hospital Health Report System - Unauthenticated Authorization Bypass via Cookie Parameter

CVE-2021-40579 MEDIUM

Online Enrollment Management System <1.0 - Privilege Escalation

CVE-2021-24739 HIGH

Logo Carousel WP <3.4.2 - Info Disclosure

CVE-2021-43828 HIGH

PatrowlManager < 1.7.7 - Unauthenticated Information Disclosure via Predictable Import Filename

CVE-2021-43820 HIGH

Seafile Server < 8.0.8 and < 8.0.15 - Authorization Bypass via Sync Token Cache

CVE-2021-44949 CRITICAL

glFusion CMS 1.7.9 - Access Control Bypass via users.php

CVE-2021-39934 MEDIUM

GitLab 12.10-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthorized Service Desk Email Address Disclosure

CVE-2021-39916 MEDIUM

GitLab 14.1-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Authenticated External Status Check Configuration Exposure

CVE-2021-3964 MEDIUM

elgg < 3.3.22 - Authorization Bypass Through User-Controlled Key

CVE-2021-3992 MEDIUM

kimai2 < 1.16.2 - Improper Access Control

Previous Page 65 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy