CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
72.7%
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
ark-web | a-form | * | cpe:2.3:a:ark-web:a-form:*:*:*:*:*:*:*:* |
ark-web | a-form | 2.0.2 | cpe:2.3:a:ark-web:a-form:2.0.2:*:*:*:*:*:*:* |
ark-web | a-form_bamboo | 1.3.5 | cpe:2.3:a:ark-web:a-form_bamboo:1.3.5:*:*:*:*:*:*:* |
ark-web | a-form_bamboo | 2.0.2 | cpe:2.3:a:ark-web:a-form_bamboo:2.0.2:*:*:*:*:*:*:* |
ark-web | a-form_pc | * | cpe:2.3:a:ark-web:a-form_pc:*:*:*:*:*:*:*:* |
ark-web | a-form_pc_mobile | * | cpe:2.3:a:ark-web:a-form_pc_mobile:*:*:*:*:*:*:*:* |
six_apart | movable_type | * | cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:* |