6.5

CVE-2013-7435

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
Data provided by the National Vulnerability Database (NVD)
Evergreen-ils Evergreen Version < 2.5.9
Evergreen-ils Evergreen Version >= 2.6.0 < 2.6.7
Evergreen-ils Evergreen Version >= 2.7.0 < 2.7.4
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 2.2% | 0.802
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9 (Release Notes, Issue Tracking)
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7 (Release Notes, Issue Tracking)
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4 (Release Notes, Issue Tracking)
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/ (Release Notes, Issue Tracking)
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
http://www.openwall.com/lists/oss-security/2015/03/04/3 (Third Party Advisory, Mailing List, Issue Tracking)
https://bugs.launchpad.net/evergreen/+bug/1206589 (Patch, Issue Tracking)