Lucene search

[email protected]CVE-2012-4498

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4498

2022-10-0316:15:32

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-4498

activism module

drupal

access restrictions

bypass

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.5%

JSON

The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the “Campaign” content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.

Affected configurations

NVD

Node

morbus_iffactivismMatch6.x-2.0

morbus_iffactivismMatch6.x-2.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
morbus_iff:activismmorbus iff activismeq6.x-2.0
morbus_iff:activismmorbus iff activismeq6.x-2.x

CPE	Name	Operator	Version
morbus_iff:activism	morbus iff activism	eq	6.x-2.0
morbus_iff:activism	morbus iff activism	eq	6.x-2.x

References

drupal.org/node/1762152

drupal.org/node/1762160

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2012-4498

prion1 nvd1 cvelist1