CWE-639: Authorization Bypass Through User-Controlled Key (IDOR)
1,571 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-639 (page 2 of 32)
- CVE-2019-17604 | MEDIUM | CVSS 4.3 | EG 4.3 | 2019-11-07
An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal in…
- CVE-2019-17605 | HIGH | CVSS 8.8 | EG 8.8 | 2019-11-07
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The o…
- CVE-2019-18626 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-03-25
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitiv…
- CVE-2019-18998 | HIGH | CVSS 7.1 | EG 7.1 | 2020-02-17
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's UR…
- CVE-2019-19259 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-01-03
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).
- CVE-2019-19616 | MEDIUM | CVSS 4.3 | EG 4.3 | 2019-12-06
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the…
- CVE-2019-19755 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-04-30
ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated t…
- CVE-2019-19866 | HIGH | CVSS 7.5 | EG 7.5 | 2020-02-21
Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can e…
- CVE-2019-19946 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-03-16
The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.
- CVE-2019-20209 | HIGH | CVSS 7.5 | EG 7.5 | 2020-01-13
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
- CVE-2019-25235 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-12-24
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to…
- CVE-2019-5466 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-01-28
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
- CVE-2019-5469 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-18
An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.
- CVE-2019-5966 | MEDIUM | CVSS 5.4 | EG 5.4 | 2019-07-05
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.
- CVE-2019-6716 | CRITICAL | CVSS 9.4 | EG 9.4 | 2019-03-21
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end…
- CVE-2019-7854 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-02
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
- CVE-2019-7864 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-08-02
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
- CVE-2019-7872 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-08-02
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privi…
- CVE-2019-7890 | HIGH | CVSS 7.3 | EG 7.3 | 2019-08-02
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
- CVE-2019-7925 | MEDIUM | CVSS 4.9 | EG 4.9 | 2019-08-02
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloa…
- CVE-2019-7950 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-02
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrar…
- CVE-2019-8235 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-10-30
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of anot…
- CVE-2019-9170 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-04-17
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
- CVE-2019-9219 | LOW | CVSS 3.7 | EG 3.7 | 2019-04-17
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
- CVE-2019-9756 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-04-17
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-…
- CVE-2019-9921 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-03-29
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.
- CVE-2019-9938 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-03-22
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device…
- CVE-2020-10130 | HIGH | CVSS 8.8 | EG 8.8 | 2023-09-06
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
- CVE-2020-10779 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-08-11
Red Hat CloudForms 4.7 and 5 is affected by insecure direct object references (IDOR) and a functional-level access control bypass due to a missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sen…
- CVE-2020-10800 | HIGH | CVSS 8.1 | EG 8.1 | 2020-03-21
lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field.
- CVE-2020-11009 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-04-29
In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could …
- CVE-2020-11585 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-04-06
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones…
- CVE-2020-11589 | HIGH | CVSS 7.5 | EG 7.5 | 2020-04-06
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users o…
- CVE-2020-11658 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
- CVE-2020-11659 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-04-15
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
- CVE-2020-12643 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-08-31
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
- CVE-2020-13357 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-12-11
An issue discovered in GitLab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
- CVE-2020-13462 | MEDIUM | CVSS 5.7 | EG 5.7 | 2021-02-09
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
- CVE-2020-13700 | HIGH | CVSS 7.5 | EG 9.0 | 2020-06-24
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive informa…
- CVE-2020-13923 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-07-15
IDOR vulnerability in the order processing feature of the ecommerce component of Apache OFBiz before 17.12.04.
- CVE-2020-13998 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-06-11
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affe…
- CVE-2020-14174 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versi…
- CVE-2020-15958 | HIGH | CVSS 8.6 | EG 8.6 | 2020-09-18
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.
- CVE-2020-16088 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-07-28
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
- CVE-2020-16194 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-02-04
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and in…
- CVE-2020-16240 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-09-23
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such func…
- CVE-2020-19890 | MEDIUM | CVSS 4.9 | EG 4.9 | 2020-08-24
DBHcms v1.2.0 has an arbitrary file read vulnerability in dbhcms\mod\mod.editor.php: $_GET['file'] is used directly as the filename and, as there is no filtering for security, any file's content can be read.
- CVE-2020-20183 | HIGH | CVSS 7.5 | EG 7.5 | 2020-12-14
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
- CVE-2020-23446 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-09-22
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has unauthenticated information disclosure via its API.
- CVE-2020-23449 | HIGH | CVSS 7.5 | EG 7.5 | 2021-01-26
All versions of newbee-mall are affected by incorrect access control that allows remote attackers to gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user's information through the userID.
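The entries above share one shape: a handler takes an identifier from the request (a candidate id, an empNo, a conferenceId, a userID), loads the matching object, and never asks whether the authenticated caller is allowed to touch it. The following is an added example, not code from this page or from any of the products listed; the invoice table, the user ids and every function name are constructed for illustration. It shows the vulnerable read and write handlers next to versions that scope the lookup to the caller, and the id-iteration probe a tester would run against both to measure what leaks.

```python
"""Added example (not from this page or from any vendor listed above): the
CWE-639 pattern in miniature, a lookup keyed by a caller-supplied identifier
with and without an ownership check, plus the id-iteration probe that several
of the entries above describe.  The in-memory table, the user ids and all
names here are constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple


@dataclass
class Invoice:
    invoice_id: int
    owner_id: int
    total: str
    note: str = ""


# Constructed sample data standing in for a database table.  Sequential ids
# are what make the enumeration probe below cheap.
INVOICES = {
    1001: Invoice(1001, owner_id=7, total="120.00"),
    1002: Invoice(1002, owner_id=7, total="48.50"),
    1003: Invoice(1003, owner_id=9, total="999.99"),
    1004: Invoice(1004, owner_id=12, total="15.00"),
}


class Forbidden(Exception):
    """Raised when the object is not visible to the caller, or does not exist.
    One exception for both cases, so the response does not reveal which."""


def get_invoice_vulnerable(caller_id: int, invoice_id: int) -> Optional[Invoice]:
    """CWE-639: the key comes straight from the request and the lookup never
    consults the authenticated caller.  Any logged-in user reads any invoice."""
    return INVOICES.get(invoice_id)


def _load_owned(caller_id: int, invoice_id: int) -> Invoice:
    """Shared authorization step: scope the lookup to the caller's own rows."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != caller_id:
        raise Forbidden(f"invoice {invoice_id} is not visible to user {caller_id}")
    return inv


def get_invoice_fixed(caller_id: int, invoice_id: int) -> Invoice:
    """Read path with the ownership check applied."""
    return _load_owned(caller_id, invoice_id)


def set_note_vulnerable(caller_id: int, invoice_id: int, note: str) -> bool:
    """Write-side CWE-639: the same missing check lets a caller modify records
    that belong to someone else (compare the entries above that change other
    users' information or delete other users' content)."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return False
    inv.note = note
    return True


def set_note_fixed(caller_id: int, invoice_id: int, note: str) -> bool:
    """Write path routed through the same ownership check as the read path."""
    inv = _load_owned(caller_id, invoice_id)
    inv.note = note
    return True


def enumerate_ids(handler: Callable[[int, int], Optional[Invoice]],
                  caller_id: int,
                  id_range: Iterable[int]) -> List[Tuple[int, int]]:
    """The probe a tester runs: iterate candidate ids against a handler and
    report (invoice_id, owner_id) for every record the caller could read.
    Against the vulnerable handler this returns everyone's invoices; against
    the fixed one it returns only the caller's own."""
    readable = []
    for candidate in id_range:
        try:
            inv = handler(caller_id, candidate)
        except Forbidden:
            continue
        if inv is not None:
            readable.append((inv.invoice_id, inv.owner_id))
    return readable


if __name__ == "__main__":
    probe = range(1000, 1010)
    print("vulnerable:", enumerate_ids(get_invoice_vulnerable, 7, probe))
    print("fixed:     ", enumerate_ids(get_invoice_fixed, 7, probe))
```

Two design points carry over to real code. The ownership check lives in one helper that both the read and the write path call, so a new endpoint cannot forget it the way the write-side entries above did; in a SQL-backed service the same idea is a `WHERE owner_id = :caller` clause on every lookup rather than a fetch followed by an optional check. And the fixed path answers "not yours" and "does not exist" identically, which is what stops the iteration probe from doubling as an enumeration oracle.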