Lucene search

[email protected]CVE-2012-2315

HistorySep 09, 2012 - 9:55 p.m.

CVE-2012-2315

2012-09-0921:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-2315

openkm 5.1.7

information security

user privileges

remote authentication

7.2 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.

CPENameOperatorVersion
openkm:openkmopenkmeq5.1.8
openkm:openkmopenkmle5.1.7

CPE	Name	Operator	Version
openkm:openkm	openkm	eq	5.1.8
openkm:openkm	openkm	le	5.1.7

References

archives.neohapsis.com/archives/bugtraq/2012-01/0007.html

archives.neohapsis.com/archives/bugtraq/2012-01/0021.html

osvdb.org/78105

secunia.com/advisories/47424

www.openwall.com/lists/oss-security/2012/03/23/6

www.openwall.com/lists/oss-security/2012/03/23/8

www.openwall.com/lists/oss-security/2012/04/27/6

www.openwall.com/lists/oss-security/2012/05/04/13

www.openwall.com/lists/oss-security/2012/05/04/2

www.securityfocus.com/bid/51250

exchange.xforce.ibmcloud.com/vulnerabilities/72112

7.2 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVE-2012-2315

prion1 cvelist1