Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2021-40355 HIGH

Teamcenter 12.4-13.2 - Insecure Direct Object Reference

CVE-2021-37184 CRITICAL

Industrial Edge Management < 1.3 - Unauthenticated Password Change via User Impersonation

CVE-2021-33981 MEDIUM

Fish | Hunt FL < 3.8.0 - Authenticated Insecure Direct Object Reference in License Retrieval

CVE-2021-37628 HIGH

Nextcloud Richdocuments < 3.8.4 - Authorization Bypass via File Drop Feature

CVE-2021-37631 MEDIUM

Nextcloud Deck < 1.2.9 - Authorization Bypass via Circle Membership Check

CVE-2021-37630 MEDIUM

Nextcloud Circles < 0.19.5 - Unauthenticated Authorization Bypass via Secret Circle Join

CVE-2021-36032 HIGH

Magento Commerce <2.4.2-2.3.7 - Privilege Escalation

CVE-2021-40352 MEDIUM

OpenEMR 6.0.0 - Unauthenticated Insecure Direct Object Reference via pnotes_print.php noteid Parameter

CVE-2021-22023 HIGH

VMware vRealize Operations Manager 8.0.0-8.4.x - Authenticated Account Takeover via Insecure Object Reference

CVE-2021-24562 HIGH

LifterLMS < 4.21.2 - Authorization Bypass via Student Answer and Grade Exposure

CVE-2021-37709 MEDIUM

Shopware < 6.4.3.1 - Insecure Direct Object Reference in Import/Export Log Files

CVE-2021-37215 MEDIUM

Flygo < 1.91.1 - Authenticated Insecure Direct Object Reference via Employee ID Parameter

CVE-2021-37214 HIGH

Flygo < 1.91.1 - Authenticated Authorization Bypass and Remote Code Execution via Employee ID Parameter

CVE-2021-37213 MEDIUM

Flygo < 1.91.1 - Authenticated Insecure Direct Object Reference via Check-in Record Parameters

CVE-2021-37212 MEDIUM

larvata flygo < 1.91.1 - Authenticated Insecure Direct Object Reference via Bulletin ID Parameter

CVE-2021-36801 HIGH

Akaunting < 2.1.12 - Authentication Bypass via companies[0] Field

CVE-2021-24473 MEDIUM

User Profile Picture < 2.6.0 - Authorization Bypass via Profile Picture ID Manipulation

CVE-2021-32744 CRITICAL

Collabora Online <4.2.17-1, 6.4.9-5 - Info Disclosure

CVE-2021-35337 MEDIUM

Phone Shop Sales Management System 1.0 - Insecure Direct Object Reference via ID Parameter

CVE-2021-24374 MEDIUM

Jetpack < 9.8 - Unauthenticated Information Disclosure via Carousel Module Comments

CVE-2021-22906 MEDIUM

Nextcloud <1.5.3, 1.6.3, 1.7.1 - DoS

CVE-2021-31927 MEDIUM

Annex Cloud Loyalty Experience Platform < 2021.1.0.1 - Authenticated Insecure Direct Object Reference

CVE-2021-31970 MEDIUM

Windows 10, 8.1, RT 8.1, Server 2012, 2016, 2019 - Authorization Bypass via TCP/IP Driver

CVE-2021-32654 HIGH

Nextcloud Server <19.0.11-21.0.2 - Privilege Escalation

CVE-2021-24318 MEDIUM

Listeo < 1.6.11 - Authenticated Arbitrary Post/Page and Booking Deletion via IDOR

Previous Page 67 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy