6.5
CVE-2014-1398
- EPSS 0.38%
- Veröffentlicht 10.04.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 02:04:12
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Entity Api Project ≫ Entity Api Version7.x-1.0 SwPlatformdrupal
Entity Api Project ≫ Entity Api Version7.x-1.1 SwPlatformdrupal
Entity Api Project ≫ Entity Api Version7.x-1.2 SwPlatformdrupal
Fedoraproject ≫ Fedora Version19
Fedoraproject ≫ Fedora Version20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.567 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.