Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639

CVE-2020-26175 MEDIUM

tangro Business Workflow < 1.18.1 - Authorization Bypass via PERSON Parameter Manipulation

CVE-2020-26173 LOW

Tangro Business Workflow < 1.18.1 - Unauthenticated Document Download via Valid Document ID and Token

CVE-2020-26171 MEDIUM

tangro Business Workflow < 1.18.1 - Authorization Bypass via Document ID Manipulation

CVE-2020-20183 HIGH

Zyxel P1302-T10 v3 Firmware 2.00(ABBX.3) - Authorization Bypass via Insecure Direct Object Reference

CVE-2020-13357 MEDIUM

Gitlab CE/EE <13.4.7/<13.5.5/<13.6.2 - Info Disclosure

CVE-2020-27663 MEDIUM

GLPI < 9.5.3 - Insecure Direct Object Reference via ajax/getDropdownValue.php

CVE-2020-27662 MEDIUM

GLPI < 9.5.3 - Insecure Direct Object Reference via ajax/comments.php

CVE-2020-26068 MEDIUM

Cisco RoomOS and Telepresence CE 9.10.0-9.10.3 - Authenticated Access Token Generation via xAPI Service

CVE-2020-27742 MEDIUM

Citadel WebCit <= 926 - Authenticated Insecure Direct Object Reference via msg_confirm_move Template

CVE-2020-8235 MEDIUM

Nextcloud Deck <1.0.4 - Info Disclosure

CVE-2020-16240 MEDIUM

GE Digital APM Classic <= 4.4 - Unauthenticated Sensitive Data Exposure via Insecure Direct Object Reference

CVE-2020-23446 MEDIUM

Verint Workforce Optimization <15.1 - Info Disclosure

CVE-2020-15958 HIGH

1crm < 8.6.7 - Unauthenticated Insecure Direct Object Reference

CVE-2020-12643 MEDIUM

OX App Suite <7.10.3 - Info Disclosure

CVE-2020-19890 MEDIUM

DBHcms 1.2.0 - Arbitrary File Read via mod.editor.php File Parameter

CVE-2020-10779 MEDIUM

Red Hat CloudForms 4.7 and 5 - Authorization Bypass via Insecure Direct Object Reference

CVE-2020-13923 MEDIUM

Apache OFBiz < 17.12.04 - Insecure Direct Object Reference in Ecommerce Order Processing

CVE-2020-14174 MEDIUM

Atlassian Jira <7.13.16, 8.0.0-8.5.7, 8.6.0-8.9.2, 8.10.0-8.10.1 - Insecure Direct Object Reference

CVE-2020-13700 HIGH

acf-to-rest-api < 3.1.0 - Insecure Direct Object Reference via Permalinks Manipulation

CVE-2020-13998 MEDIUM

Citrix XenApp 6.5 - Unauthenticated User Enumeration via 2FA Error Page

CVE-2020-8154 HIGH

Nextcloud Server <18.0.2 - Info Disclosure

CVE-2020-5743 MEDIUM

TCExam 14.2.2 - Authenticated Authorization Bypass via Resource Identifier Manipulation

CVE-2020-8791 MEDIUM

OKLOK 3.1.1 - Authorization Bypass via User-Controlled Token

CVE-2020-11009 MEDIUM

Rundeck < 3.2.6 - Authenticated Authorization Bypass via Execution Data and Logs

CVE-2020-11659 MEDIUM

CA API Developer Portal <= 4.3.1 - Authorization Bypass via User-Controlled Key

Previous Page 69 of 74 Next

Details

Vulnerabilities 1,830

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy