CVE-2015-10033

EPSS 0.32%
Veröffentlicht 09.01.2023 21:15:10
Zuletzt bearbeitet 21.11.2024 02:24:13
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The identifier of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Merlinsboard Project ≫ Merlinsboard Version < 2015-03-19

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.545

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	1.2	5.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cna@vuldb.com	3.5	0.9	2.5	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
cna@vuldb.com	3.7	4.1	4.9	AV:A/AC:L/Au:M/C:N/I:P/A:P

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5

Patch

Third Party Advisory

https://vuldb.com/?ctiid.217713

Third Party Advisory

https://vuldb.com/?id.217713

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-10033

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-10033

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-10033

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-10033