9.8

CVE-2017-1000003

EPSS 0.28%
Veröffentlicht 17.07.2017 13:18:16
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atutor ≫ Atutor Version <= 2.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.486

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55

Broken Link

http://www.atutor.ca/atutor/mantis/view.php?id=5681

Broken Link

http://www.securityfocus.com/bid/99599

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-1000003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1000003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1000003

EUVD