4.6

CVE-2012-3527

EPSS 2.07%
Veröffentlicht 05.09.2012 23:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version >= 4.5.0 < 4.5.19

Typo3 ≫ Typo3 Version >= 4.6.0 < 4.6.12

Typo3 ≫ Typo3 Version >= 4.7.0 < 4.7.4

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.07%	0.833

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://osvdb.org/84773

Broken Link

http://secunia.com/advisories/50287

Not Applicable

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

Vendor Advisory

http://www.debian.org/security/2012/dsa-2537

Third Party Advisory

http://www.openwall.com/lists/oss-security/2012/08/22/8

Mailing List

https://exchange.xforce.ibmcloud.com/vulnerabilities/77791

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2012-3527

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3527

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3527

EUVD