Lucene search
HistoryJun 03, 2014 - 2:55 p.m.
CVE-2014-3946
cve-2014-3946
typo3
extbase framework
query caching
security vulnerability
remote access
6.1 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
45.7%
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3:typo3 | typo3 | eq | 6.2.1 |
| typo3:typo3 | typo3 | eq | 6.2.0 |
| typo3:typo3 | typo3 | eq | 6.2 |
| typo3:typo3 | typo3 | eq | 6.2.2 |
Related
veracode
veracode
Information Disclosure
2017-07-30 08:05:59
ubuntucve
ubuntucve
CVE-2014-3946
2014-06-03 00:00:00
friendsofphp
friendsofphp
Information disclosure in the Extbase framework
2014-05-22 09:33:36
prion
prion
Design/Logic Flaw
2014-06-03 14:55:00
osv
osv
Typo3 Information Disclosure
2022-05-17 04:42:47
typo3-src - security update
2014-06-01 00:00:00
github
github
Typo3 Information Disclosure
2022-05-17 04:42:47
openvas
openvas
TYPO3 6.2.0 - 6.2.2 Multiple Vulnerabilities (TYPO3-CORE-SA-2014-001)
2014-07-03 00:00:00
Debian: Security Advisory (DSA-2942-1)
2014-05-31 00:00:00
Debian Security Advisory DSA 2942-1 (typo3-src - security update)
2014-06-01 00:00:00
typo3
typo3
Multiple Vulnerabilities in TYPO3 CMS
2014-05-22 00:00:00
securityvulns
securityvulns
6.1 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
45.7%
Related for CVE-2014-3946