CWE-639 - Authorization Bypass Through User-Controlled Key

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Latest vulnerabilities for CWE-639

IBM DataStage on Cloud Pak for Data update for Apache ZooKeeper 2025-06-13
Medium Yes

Authorization bypass through user-controlled key in FortiPortal 2025-06-11
Low Yes

Multiple vulnerabilities in Cisco Unified Intelligence Center and Unified Contact Center Express 2025-05-22
Medium Yes

Insecure Direct Object Reference in Download manager extension for TYPO3 2025-05-21
Medium Yes

Insecure Direct Object Reference in femanager extension for TYPO3 2025-05-21
Medium Yes

Multiple vulnerabilities in Front End User Registration extension for TYPO3 2025-05-21
High Yes

Multiple vulnerabilities in IBM Knowledge Catalog for IBM Cloud Pak for Data 2025-05-09
High Yes Public exploit

Multiple vulnerabilities in Growatt cloud portal 2025-04-30
High Yes

Information disclosure in Synology Media Server 2025-04-11
High Yes

Spoofing attack in ManageEngine Endpoint Central 2025-04-07
Low Yes

References

Description of CWE-639 on Mitre website