4

CVE-2014-9026

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
UbercartUbercart Version7.x-3.0 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updatealpha1 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updatealpha2 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updatealpha3 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updatebeta1 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updatebeta2 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updatebeta3 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updatebeta4 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updaterc1 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updaterc2 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updaterc3 SwPlatformdrupal
UbercartUbercart Version7.x-3.0 Updaterc4 SwPlatformdrupal
UbercartUbercart Version7.x-3.1 SwPlatformdrupal
UbercartUbercart Version7.x-3.2 SwPlatformdrupal
UbercartUbercart Version7.x-3.3 SwPlatformdrupal
UbercartUbercart Version7.x-3.4 SwPlatformdrupal
UbercartUbercart Version7.x-3.5 SwPlatformdrupal
UbercartUbercart Version7.x-3.6 SwPlatformdrupal
UbercartUbercart Version7.x-3.7 SwPlatformdrupal
UbercartUbercart Version7.x-3.x-dev SwPlatformdrupal
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.18% 0.359
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N