5.8
CVE-2014-4919
- EPSS 0.83%
- Veröffentlicht 19.01.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 02:11:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginOXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oxid-esales ≫ Eshop SwEditionprofessional Version < 4.7.13
Oxid-esales ≫ Eshop SwEditionprofessional Version >= 4.8.0 < 4.8.7
Oxid-esales ≫ Eshop SwEditionenterprise Version < 5.0.13
Oxid-esales ≫ Eshop SwEditionenterprise Version >= 5.1.0 < 5.1.7
Oxid-esales ≫ Eshop SwEditioncommunity Version < 4.7.13
Oxid-esales ≫ Eshop SwEditioncommunity Version >= 4.8.0 < 4.8.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.83% | 0.527 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
https://bugs.oxid-esales.com/view.php?id=5814
https://oxidforge.org/en/security-bulletin-2014-003.html