6.5
CVE-2013-7435
- EPSS 0.19%
- Published 01.02.2018 17:29:00
- Last modified 21.11.2024 02:00:59
- Source cve@mitre.org
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
Data provided by the National Vulnerability Database (NVD)
Evergreen-ils ≫ Evergreen Version < 2.5.9
Evergreen-ils ≫ Evergreen Version >= 2.6.0 < 2.6.7
Evergreen-ils ≫ Evergreen Version >= 2.7.0 < 2.7.4
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.414 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.