CVE-2011-4311

EPSS 0.18%
Veröffentlicht 19.11.2011 03:58:55
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Montala ≫ Resourcespace Version <= 4.2.2816

Montala ≫ Resourcespace Version2.2.1240

Montala ≫ Resourcespace Version2.3.1374

Montala ≫ Resourcespace Version3.0.1490

Montala ≫ Resourcespace Version3.1.1557

Montala ≫ Resourcespace Version3.2.1651

Montala ≫ Resourcespace Version3.3.1723

Montala ≫ Resourcespace Version3.4.1794

Montala ≫ Resourcespace Version3.5.1857

Montala ≫ Resourcespace Version3.6.2022

Montala ≫ Resourcespace Version3.7.2088

Montala ≫ Resourcespace Version3.8.2144

Montala ≫ Resourcespace Version3.9.2269

Montala ≫ Resourcespace Version4.0.2429

Montala ≫ Resourcespace Version4.1.2567

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.361

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://openwall.com/lists/oss-security/2011/11/13/2

http://openwall.com/lists/oss-security/2011/11/14/3

http://www.resourcespace.org/download.php

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-4311

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4311

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4311

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2011-4311