5.3
CVE-2014-8328
- EPSS 0.32%
- Veröffentlicht 03.02.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 02:18:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dynamic Content Elements Project ≫ Dynamic Content Elements SwPlatformtypo3 Version >= 0.7.0 <= 0.7.5
Dynamic Content Elements Project ≫ Dynamic Content Elements SwPlatformtypo3 Version >= 0.8.0 <= 0.8.6
Dynamic Content Elements Project ≫ Dynamic Content Elements SwPlatformtypo3 Version >= 0.9.0 <= 0.9.4
Dynamic Content Elements Project ≫ Dynamic Content Elements SwPlatformtypo3 Version >= 0.10.0 <= 0.10.2
Dynamic Content Elements Project ≫ Dynamic Content Elements SwPlatformtypo3 Version >= 0.11.0 < 0.11.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.523 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.