Lucene search
RedhatCVE-2010-3716HistoryOct 25, 2010 - 8:01 p.m.
CVE-2010-3716
2010-10-2520:01:04
CWE-20
redhat
web.nvd.nist.gov
43
cve-2010-3716
typo3
remote authentication
user privileges
group memberships
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
70.3%
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.
Affected configurations
Node
typo3typo3Match4.2.0
ORtypo3typo3Match4.2.1
ORtypo3typo3Match4.2.2
ORtypo3typo3Match4.2.3
ORtypo3typo3Match4.2.4
ORtypo3typo3Match4.2.5
ORtypo3typo3Match4.2.6
ORtypo3typo3Match4.2.7
ORtypo3typo3Match4.2.8
ORtypo3typo3Match4.2.9
ORtypo3typo3Match4.2.10
ORtypo3typo3Match4.2.11
ORtypo3typo3Match4.2.12
ORtypo3typo3Match4.2.13
ORtypo3typo3Match4.2.14
ORtypo3typo3Match4.3.0
ORtypo3typo3Match4.3.1
ORtypo3typo3Match4.3.2
ORtypo3typo3Match4.3.3
ORtypo3typo3Match4.3.4
ORtypo3typo3Match4.3.5
ORtypo3typo3Match4.3.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.1 | cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.2 | cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.3 | cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.4 | cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.5 | cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.6 | cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.7 | cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.8 | cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.2.9 | cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2010-3716
2010-10-25 00:00:00
nvd
nvd
CVE-2010-3716
2010-10-25 20:01:04
cvelist
cvelist
CVE-2010-3716
2010-10-25 19:00:00
prion
prion
Cross site request forgery (csrf)
2010-10-25 20:01:00
openvas
openvas
Debian Security Advisory DSA 2121-1 (typo3-src)
2010-11-17 00:00:00
TYPO3 Multiple Vulnerabilities (Oct 2010)
2014-01-09 00:00:00
Debian: Security Advisory (DSA-2121-1)
2010-11-17 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities
2010-10-19 20:07:09
nessus
nessus
Debian DSA-2121-1 : typo3-src - several vulnerabilities
2010-10-20 00:00:00
osv
osv
typo3-src - several vulnerabilities
2010-10-19 00:00:00
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
70.3%
Related for CVE-2010-3716