6.5

CVE-2014-9503

The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Open Atrium ProjectOpen Atrium SwPlatformdrupal Version >= 7.x-2.0 < 7.x-2.26
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatealpha1 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatealpha2 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatealpha3 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatealpha4 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatealpha5 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatebeta1 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatebeta2 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatebeta3 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updatebeta4 SwPlatformdrupal
Open Atrium ProjectOpen Atrium Version7.x-2.0 Updaterc1 SwPlatformdrupal
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.435
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.openwall.com/lists/oss-security/2015/01/04/6
Third Party Advisory
Mailing List
Issue Tracking
https://www.drupal.org/node/2394979
Vendor Advisory
Mitigation