5.8
CVE-2010-1040
- EPSS 1.07%
- Veröffentlicht 23.03.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:17:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.07% | 0.606 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://jvn.jp/en/jp/JVN06874657/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html
http://secunia.com/advisories/38857
http://www.ipa.go.jp/security/vuln/alert/201003_openpne.html
http://www.openpne.jp/archives/4612/