4.3

CVE-2015-3234

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

Data is provided by the National Vulnerability Database (NVD)
DrupalDrupal Version6.0
DrupalDrupal Version6.0 Updatebeta1
DrupalDrupal Version6.0 Updatebeta2
DrupalDrupal Version6.0 Updatebeta3
DrupalDrupal Version6.0 Updatebeta4
DrupalDrupal Version6.0 Updatedev
DrupalDrupal Version6.0 Updaterc1
DrupalDrupal Version6.0 Updaterc2
DrupalDrupal Version6.0 Updaterc3
DrupalDrupal Version6.0 Updaterc4
DrupalDrupal Version6.1
DrupalDrupal Version6.2
DrupalDrupal Version6.3
DrupalDrupal Version6.4
DrupalDrupal Version6.5
DrupalDrupal Version6.6
DrupalDrupal Version6.7
DrupalDrupal Version6.8
DrupalDrupal Version6.9
DrupalDrupal Version6.10
DrupalDrupal Version6.11
DrupalDrupal Version6.12
DrupalDrupal Version6.13
DrupalDrupal Version6.14
DrupalDrupal Version6.15
DrupalDrupal Version6.16
DrupalDrupal Version6.17
DrupalDrupal Version6.18
DrupalDrupal Version6.19
DrupalDrupal Version6.20
DrupalDrupal Version6.21
DrupalDrupal Version6.22
DrupalDrupal Version6.23
DrupalDrupal Version6.24
DrupalDrupal Version6.25
DrupalDrupal Version6.26
DrupalDrupal Version6.27
DrupalDrupal Version6.28
DrupalDrupal Version6.29
DrupalDrupal Version6.30
DrupalDrupal Version6.31
DrupalDrupal Version6.32
DrupalDrupal Version6.33
DrupalDrupal Version6.34
DrupalDrupal Version6.35
DrupalDrupal Version7.0
DrupalDrupal Version7.0 Updatealpha1
DrupalDrupal Version7.0 Updatealpha2
DrupalDrupal Version7.0 Updatealpha3
DrupalDrupal Version7.0 Updatealpha4
DrupalDrupal Version7.0 Updatealpha5
DrupalDrupal Version7.0 Updatealpha6
DrupalDrupal Version7.0 Updatealpha7
DrupalDrupal Version7.0 Updatebeta1
DrupalDrupal Version7.0 Updatebeta2
DrupalDrupal Version7.0 Updatebeta3
DrupalDrupal Version7.0 Updatedev
DrupalDrupal Version7.0 Updaterc1
DrupalDrupal Version7.0 Updaterc2
DrupalDrupal Version7.0 Updaterc3
DrupalDrupal Version7.0 Updaterc4
DrupalDrupal Version7.1
DrupalDrupal Version7.2
DrupalDrupal Version7.3
DrupalDrupal Version7.4
DrupalDrupal Version7.5
DrupalDrupal Version7.6
DrupalDrupal Version7.7
DrupalDrupal Version7.8
DrupalDrupal Version7.9
DrupalDrupal Version7.10
DrupalDrupal Version7.11
DrupalDrupal Version7.12
DrupalDrupal Version7.13
DrupalDrupal Version7.14
DrupalDrupal Version7.15
DrupalDrupal Version7.16
DrupalDrupal Version7.17
DrupalDrupal Version7.18
DrupalDrupal Version7.19
DrupalDrupal Version7.20
DrupalDrupal Version7.21
DrupalDrupal Version7.22
DrupalDrupal Version7.23
DrupalDrupal Version7.24
DrupalDrupal Version7.25
DrupalDrupal Version7.26
DrupalDrupal Version7.27
DrupalDrupal Version7.28
DrupalDrupal Version7.29
DrupalDrupal Version7.30
DrupalDrupal Version7.33
DrupalDrupal Version7.34
DrupalDrupal Version7.35
DrupalDrupal Version7.36
DrupalDrupal Version7.37
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.5% 0.651
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.