Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2021-36329 MEDIUM

Dell EMC Streaming Data Platform <1.3 - Info Disclosure

CVE-2021-24892 HIGH

Advanced Forms <1.6.9 - Privilege Escalation

CVE-2021-22967 HIGH

Concrete CMS <8.5.7 - Info Disclosure

CVE-2021-22951 HIGH

Concrete CMS <8.5.7 - Info Disclosure

CVE-2021-3380 MEDIUM

ICREM H8 SSRMS - Insecure Direct Object Reference via Print Invoice Functionality

CVE-2021-24840 MEDIUM

Squaretype WordPress <3.0.4 - Info Disclosure

CVE-2021-41307 HIGH

Atlassian Jira <8.13.12, 8.14.0-8.20.0 - Unauthenticated Private Project/Filter Exposure via Gadget

CVE-2021-41306 HIGH

Atlassian Jira <8.13.12, 8.14.0-8.20.0 - Unauthenticated Private Project/Filter Name Exposure

CVE-2021-41305 HIGH

Atlassian Jira < 8.13.12 - Unauthenticated Private Project and Filter Name Exposure

CVE-2021-39225 HIGH

Nextcloud Deck < 1.2.9, 1.4.5, 1.5.3 - Authenticated Authorization Bypass

CVE-2021-36389 HIGH

Yellowfin < 9.6.1 - Insecure Direct Object Reference via MIImage.i4

CVE-2021-36388 HIGH

Yellowfin < 9.6.1 - Insecure Direct Object Reference via MIIAvatarImage.i4

CVE-2021-36387 MEDIUM

Yellowfin < 9.6.1 - Stored Cross-Site Scripting via Video Embed Functionality

CVE-2021-20599 CRITICAL

MELSEC iQ-R Safety and Process CPU Firmware - Unauthenticated Cleartext Transmission of Sensitive Information

CVE-2021-41129 HIGH

Pterodactyl Panel 1.0.0-1.6.1 - Authentication Bypass via Two-Factor Confirmation Token Manipulation

CVE-2021-41120 HIGH

sylius/paypal-plugin - Info Disclosure

CVE-2021-39889 MEDIUM

GitLab 14.1.0-14.1.7 - Authorization Bypass via Protected Branch ID

CVE-2021-37777 HIGH

Gila CMS 2.2.0 - Insecure Direct Object Reference via Thumbnail Upload

CVE-2021-37331 MEDIUM

Booking Core 2.0 - Incorrect Access Control via Verification Page URL Manipulation

CVE-2021-41847 HIGH

3xLogic Infinias Access Control < 6.7.10708.0 - Authorization Bypass via Modified API Requests

CVE-2021-41301 CRITICAL

ECOA BAS Controller - Unauthenticated Sensitive Information Disclosure via Direct Object Reference

CVE-2021-41298 HIGH

ECOA BAS controller - Info Disclosure

CVE-2021-36874 HIGH

uListing <= 2.0.5 - Authenticated Insecure Direct Object Reference

CVE-2021-29773 MEDIUM

IBM Security Guardium 10.6 and 11.3 - Authenticated Insecure Direct Object Reference

CVE-2021-38624 MEDIUM

Windows Key Storage Provider - Privilege Escalation

Previous Page 66 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy