CVE-2015-5509

2015-08-1818:00:14

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-5509

administration views

drupal

access control

bypass restrictions

security vulnerability

6.9 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors.

Affected configurations

NVD

Node

administration_views_projectadministration_viewsMatch7.x-1.0drupal

administration_views_projectadministration_viewsMatch7.x-1.0rc1drupal

administration_views_projectadministration_viewsMatch7.x-1.1drupal

administration_views_projectadministration_viewsMatch7.x-1.2drupal

administration_views_projectadministration_viewsMatch7.x-1.xdevdrupal

CPENameOperatorVersion
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.0
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.1
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.2
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.x

CPE	Name	Operator	Version
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.0
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.1
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.2
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.x