Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-9022
HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9022

2022-10-0316:20:39
CWE-264
[email protected]
web.nvd.nist.gov
22
cve-2014-9022
webform component roles module
drupal
bypass
remote attackers
nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.3%

JSON

The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the “disabled” restriction and modify read-only components via a crafted form.

Affected configurations

NVD
Node
web_component_roles_projectweb_component_rolesMatch6.x-1.5drupal
OR
web_component_roles_projectweb_component_rolesMatch6.x-1.6drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.0drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.1drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.2drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.3drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.4drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.5drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.6drupal
OR
web_component_roles_projectweb_component_rolesMatch7.x-1.7drupal
CPENameOperatorVersion
web_component_roles_project:web_component_rolesweb component roles project web component roleseq6.x-1.5
web_component_roles_project:web_component_rolesweb component roles project web component roleseq6.x-1.6
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.0
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.1
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.2
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.3
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.4
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.5
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.6
web_component_roles_project:web_component_rolesweb component roles project web component roleseq7.x-1.7

Related

nvd 1
prion 1
drupal 1
cvelist 1
nvd
nvd
CVE-2014-9022
2014-11-20 17:50:11
prion
prion
Design/Logic Flaw
2014-11-20 17:50:00
drupal
drupal
SA-CONTRIB-2014-108 - Webform Component Roles - Access Bypass
2014-11-12 00:00:00
cvelist
cvelist
CVE-2014-9022
2022-10-03 16:20:39

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.3%

JSON
Related for CVE-2014-9022
nvd1prion1drupal1cvelist1