Lucene search

[email protected]CVE-2012-2702

HistoryJun 27, 2012 - 12:55 a.m.

CVE-2012-2702

2012-06-2700:55:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-2702

ubercart

product keys

drupal

access control

remote attackers

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

JSON

The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.

Affected configurations

NVD

Node

tony_freixasubercart_product_keysMatch6.x-1.0

tony_freixasubercart_product_keysMatch6.x-1.0alpha1

tony_freixasubercart_product_keysMatch6.x-1.0alpha2

tony_freixasubercart_product_keysMatch6.x-1.0alpha3

tony_freixasubercart_product_keysMatch6.x-1.0beta1

tony_freixasubercart_product_keysMatch6.x-1.0rc1

tony_freixasubercart_product_keysMatch6.x-1.0rc2

AND

drupaldrupalMatch-

CPENameOperatorVersion
tony_freixas:ubercart_product_keystony freixas ubercart product keyseq6.x-1.0

CPE	Name	Operator	Version
tony_freixas:ubercart_product_keys	tony freixas ubercart product keys	eq	6.x-1.0

References

drupal.org/node/1580752

drupal.org/node/1585532

drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261

osvdb.org/82005

secunia.com/advisories/49169

www.openwall.com/lists/oss-security/2012/06/14/3

exchange.xforce.ibmcloud.com/vulnerabilities/75720

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2012-2702

drupal1 nvd1 prion1 cvelist1