Lucene search
CertccCVE-2013-3601HistorySep 06, 2013 - 11:15 a.m.
CVE-2013-3601
2013-09-0611:15:37
CWE-264
certcc
web.nvd.nist.gov
24
cve-2013-3601
coursemill
learning management system
lms
jsp
remote authenticated users
arbitrary operations
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
58.6%
Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.
Affected configurations
Node
trivantiscoursemill_learning_management_systemMatch6.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| trivantis | coursemill_learning_management_system | 6.6 | cpe:2.3:a:trivantis:coursemill_learning_management_system:6.6:*:*:*:*:*:*:* |
References
Related
prion
prion
Code injection
2013-09-06 11:15:00
nvd
nvd
CVE-2013-3601
2013-09-06 11:15:37
cvelist
cvelist
CVE-2013-3601
2013-09-06 10:00:00
cert
cert
Coursemill Learning Management System contains multiple vulnerabilities
2013-08-30 00:00:00
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
58.6%
Related for CVE-2013-3601