Lucene search

[email protected]CVE-2015-8232

HistoryOct 03, 2022 - 4:16 p.m.

CVE-2015-8232

2022-10-0316:16:00

CWE-200

[email protected]

web.nvd.nist.gov

uc profile

drupal

cve-2015-8232

vulnerability

security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.

Affected configurations

NVD

Node

uc_profile_projectuc_profileMatch6.x-1.1drupal

uc_profile_projectuc_profileMatch6.x-1.1rc1drupal

uc_profile_projectuc_profileMatch6.x-1.1rc2drupal

uc_profile_projectuc_profileMatch6.x-1.1rc3drupal

uc_profile_projectuc_profileMatch6.x-1.2drupal

CPENameOperatorVersion
uc_profile_project:uc_profileuc profile project uc profileeq6.x-1.1
uc_profile_project:uc_profileuc profile project uc profileeq6.x-1.2

CPE	Name	Operator	Version
uc_profile_project:uc_profile	uc profile project uc profile	eq	6.x-1.1
uc_profile_project:uc_profile	uc profile project uc profile	eq	6.x-1.2

References

www.drupal.org/node/2612812

www.drupal.org/node/2613444

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for CVE-2015-8232

prion1 drupal1 nvd1 cvelist1