Lucene search

[email protected]CVE-2014-8327

HistoryOct 27, 2014 - 3:55 p.m.

CVE-2014-8327

2014-10-2715:55:25

[email protected]

web.nvd.nist.gov

cve-2014-8327

typo3

fal_sftp

vulnerability

sftp

remote

authenticated users

weak permissions

sensitive information

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.4%

JSON

The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Affected configurations

NVD

Node

fal_sftp_projectfal_sftpRange≤0.2.5typo3

fal_sftp_projectfal_sftpMatch0.2.4typo3

CPENameOperatorVersion
fal_sftp_project:fal_sftpfal sftp project fal sftple0.2.5
fal_sftp_project:fal_sftpfal sftp project fal sftpeq0.2.4

CPE	Name	Operator	Version
fal_sftp_project:fal_sftp	fal sftp project fal sftp	le	0.2.5
fal_sftp_project:fal_sftp	fal sftp project fal sftp	eq	0.2.4

References

typo3.org/extensions/repository/view/fal_sftp

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/

exchange.xforce.ibmcloud.com/vulnerabilities/97668

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.4%

JSON

Related for CVE-2014-8327

nvd1 typo31 cvelist1 prion1