6.5

CVE-2014-1399

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Entity Api ProjectEntity Api Version7.x-1.0 SwPlatformdrupal
Entity Api ProjectEntity Api Version7.x-1.1 SwPlatformdrupal
Entity Api ProjectEntity Api Version7.x-1.2 SwPlatformdrupal
FedoraprojectFedora Version19
FedoraprojectFedora Version20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.42% 0.693
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/01/09/3
Mailing List
http://www.securityfocus.com/bid/64729
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1050802
Issue Tracking
https://www.drupal.org/node/2169595
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90216
Third Party Advisory
VDB Entry