Lucene search

[email protected]CVE-2015-5502

HistoryAug 18, 2015 - 6:00 p.m.

CVE-2015-5502

2015-08-1818:00:06

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-5502

storage api

drupal

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

81.0%

JSON

The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.

Affected configurations

NVD

Node

storage_api_projectstorage_apiMatch7.x-1.0drupal

storage_api_projectstorage_apiMatch7.x-1.1drupal

storage_api_projectstorage_apiMatch7.x-1.2drupal

storage_api_projectstorage_apiMatch7.x-1.3drupal

storage_api_projectstorage_apiMatch7.x-1.4drupal

storage_api_projectstorage_apiMatch7.x-1.5drupal

storage_api_projectstorage_apiMatch7.x-1.6drupal

storage_api_projectstorage_apiMatch7.x-1.7drupal

CPENameOperatorVersion
storage_api_project:storage_apistorage api project storage apieq7.x-1.0
storage_api_project:storage_apistorage api project storage apieq7.x-1.1
storage_api_project:storage_apistorage api project storage apieq7.x-1.2
storage_api_project:storage_apistorage api project storage apieq7.x-1.3
storage_api_project:storage_apistorage api project storage apieq7.x-1.4
storage_api_project:storage_apistorage api project storage apieq7.x-1.5
storage_api_project:storage_apistorage api project storage apieq7.x-1.6
storage_api_project:storage_apistorage api project storage apieq7.x-1.7

CPE	Name	Operator	Version
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.0
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.1
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.2
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.3
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.4
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.5
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.6
storage_api_project:storage_api	storage api project storage api	eq	7.x-1.7

References

www.openwall.com/lists/oss-security/2015/07/04/4

www.securityfocus.com/bid/74867

www.drupal.org/node/2495895

www.drupal.org/node/2495903

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

81.0%

JSON

Related for CVE-2015-5502

prion1 drupal1 cvelist1 nvd1