7.5

CVE-2014-3526

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheWicket Version >= 1.5.0 < 1.5.12
ApacheWicket Version6.0.0
ApacheWicket Version6.0.0 Updatebeta1
ApacheWicket Version6.0.0 Updatebeta2
ApacheWicket Version6.0.0 Updatebeta3
ApacheWicket Version6.1.0
ApacheWicket Version6.1.1
ApacheWicket Version6.2.0
ApacheWicket Version6.3.0
ApacheWicket Version6.4.0
ApacheWicket Version6.5.0
ApacheWicket Version6.6.0
ApacheWicket Version6.7.0
ApacheWicket Version6.8.0
ApacheWicket Version6.9.0
ApacheWicket Version6.9.1
ApacheWicket Version6.10.0
ApacheWicket Version6.11.0
ApacheWicket Version6.12.0
ApacheWicket Version6.13.0
ApacheWicket Version6.14.0
ApacheWicket Version6.15.0
ApacheWicket Version6.16.0
ApacheWicket Version7.0.0
ApacheWicket Version7.0.0 Updatemilestone1
ApacheWicket Version7.0.0 Updatemilestone2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.648
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.