CWE-639 - Authorization Bypass Through User-Controlled Key
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Latest vulnerabilities for CWE-639
Multiple vulnerabilities in Siemens SiPass integrated | 2025-10-23 | High | Yes
Multiple vulnerabilities in IBM User Entity Behavior Analytics | 2025-10-17 | High | Yes | Public exploit
Multiple vulnerabilities in IBM Netezza Performance Server Replication Services | 2025-09-24 | High | Yes | Public exploit
Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) | 2025-08-14 | Medium | Yes
IBM Storage Ceph update for Grafana | 2025-08-05 | Low | Yes
Authorization bypass through user-controlled key in Grafana | 2025-08-04 | Low | Yes
Insecure Direct Object Reference in powermail extension for TYPO3 | 2025-07-23 | Medium | Yes
Insecure Direct Object Reference in femanager extension for TYPO3 | 2025-07-23 | Medium | Yes
Information disclosure in Computer Vision Annotation Tool (CVAT) | 2025-07-17 | Medium | Yes
IBM DataStage on Cloud Pak for Data update for Apache ZooKeeper | 2025-06-13 | Medium | Yes