4.3
CVE-2020-25026
- EPSS 0.77%
- Veröffentlicht 02.09.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:16:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Derhansen ≫ Event Management And Registration SwPlatformtypo3 Version < 4.3.1
Derhansen ≫ Event Management And Registration SwPlatformtypo3 Version >= 5.0.0 < 5.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.77% | 0.508 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
https://typo3.org/help/security-advisories
https://typo3.org/security/advisory/typo3-ext-sa-2020-017