Lucene search

JpcertCVE-2011-3993

HistoryNov 03, 2011 - 5:55 p.m.

CVE-2011-3993

2011-11-0317:55:01

CWE-264

jpcert

web.nvd.nist.gov

cve-2011-3993

nvd

skyarc mtcms

movable type

weak permissions

remote authenticated users

file modification

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

50.8%

JSON

SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.

Affected configurations

Nvd

Node

skyarcautotaggingRange≤0.08

skyarcduplicateentryRange≤1.2

skyarcmailpackRange≤1.741

skyarcmtcmsRange≤5.251

skyarcmtcmsMatch5.2

skyarcmtcmsMatch5.21

skyarcmtcmsMatch5.22

skyarcmtcmsMatch5.23

skyarcmtcmsMatch5.24

skyarcmtcmsMatch5.24enterprise

skyarcmtcmsMatch5.24smart

skyarcmtcmsMatch5.25

skyarcmtcmsMatch5.25enterprise

skyarcmtcmsMatch5.25smart

skyarcmtcmsMatch5.251enterprise

skyarcmtcmsMatch5.251smart

skyarcmultifileuploaderRange≤0.44

VendorProductVersionCPE
skyarcautotagging*cpe:2.3:a:skyarc:autotagging:*:*:*:*:*:*:*:*
skyarcduplicateentry*cpe:2.3:a:skyarc:duplicateentry:*:*:*:*:*:*:*:*
skyarcmailpack*cpe:2.3:a:skyarc:mailpack:*:*:*:*:*:*:*:*
skyarcmtcms*cpe:2.3:a:skyarc:mtcms:*:*:*:*:*:*:*:*
skyarcmtcms5.2cpe:2.3:a:skyarc:mtcms:5.2:*:*:*:*:*:*:*
skyarcmtcms5.21cpe:2.3:a:skyarc:mtcms:5.21:*:*:*:*:*:*:*
skyarcmtcms5.22cpe:2.3:a:skyarc:mtcms:5.22:*:*:*:*:*:*:*
skyarcmtcms5.23cpe:2.3:a:skyarc:mtcms:5.23:*:*:*:*:*:*:*
skyarcmtcms5.24cpe:2.3:a:skyarc:mtcms:5.24:*:*:*:*:*:*:*
skyarcmtcms5.24cpe:2.3:a:skyarc:mtcms:5.24:*:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
skyarc	autotagging	*	cpe:2.3:a:skyarc:autotagging::::::::
skyarc	duplicateentry	*	cpe:2.3:a:skyarc:duplicateentry::::::::
skyarc	mailpack	*	cpe:2.3:a:skyarc:mailpack::::::::
skyarc	mtcms	*	cpe:2.3:a:skyarc:mtcms::::::::
skyarc	mtcms	5.2	cpe:2.3:a:skyarc:mtcms:5.2:::::::*
skyarc	mtcms	5.21	cpe:2.3:a:skyarc:mtcms:5.21:::::::*
skyarc	mtcms	5.22	cpe:2.3:a:skyarc:mtcms:5.22:::::::*
skyarc	mtcms	5.23	cpe:2.3:a:skyarc:mtcms:5.23:::::::*
skyarc	mtcms	5.24	cpe:2.3:a:skyarc:mtcms:5.24:::::::*
skyarc	mtcms	5.24	cpe:2.3:a:skyarc:mtcms:5.24::enterprise:::::

Rows per page:

1-10 of 171

References

jvn.jp/en/jp/JVN41032068/index.html

jvndb.jvn.jp/jvndb/JVNDB-2011-000093

www.mtcms.jp/news/product/201110131921.html

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

50.8%

JSON

Related for CVE-2011-3993