Lucene search

[email protected]CVE-2007-5931

HistoryNov 10, 2007 - 11:46 a.m.

CVE-2007-5931

2007-11-1011:46:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-5931

orangehrm

data access

remote attackers

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

orangehrmorangehrmRange≤2.2.1

CPENameOperatorVersion
orangehrm:orangehrmorangehrmle2.2.1

CPE	Name	Operator	Version
orangehrm:orangehrm	orangehrm	le	2.2.1

References

osvdb.org/45295

sourceforge.net/project/shownotes.php?release_id=550550&group_id=156477

www.securityfocus.com/bid/26351

www.vupen.com/english/advisories/2007/3719

exchange.xforce.ibmcloud.com/vulnerabilities/38245

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2007-5931

cvelist1 prion1 nvd1