Lucene search
CertccCVE-2012-1827HistoryJun 13, 2012 - 7:55 p.m.
CVE-2012-1827
2012-06-1319:55:00
CWE-264
certcc
web.nvd.nist.gov
23
cve-2012-1827
autoform pdm archive
web service
authorization
remote authenticated users
database operations
soap request
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.003
Percentile
68.5%
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.
Affected configurations
Node
efstechnologyautoform_pdm_archiveRange≤7.0
ORefstechnologyautoform_pdm_archiveMatch6.920
| Vendor | Product | Version | CPE |
|---|---|---|---|
| efstechnology | autoform_pdm_archive | * | cpe:2.3:a:efstechnology:autoform_pdm_archive:*:*:*:*:*:*:*:* |
| efstechnology | autoform_pdm_archive | 6.920 | cpe:2.3:a:efstechnology:autoform_pdm_archive:6.920:*:*:*:*:*:*:* |
Related
prion
prion
Server side request forgery (ssrf)
2012-06-13 19:55:00
cvelist
cvelist
CVE-2012-1827
2012-06-13 19:00:00
nvd
nvd
CVE-2012-1827
2012-06-13 19:55:00
cert
cert
AutoFORM PDM Archive contains multiple vulnerabilities
2012-05-29 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.003
Percentile
68.5%
Related for CVE-2012-1827