CVE-2012-2315

2012-09-0921:00:00

redhat

www.cve.org

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.

References

archives.neohapsis.com/archives/bugtraq/2012-01/0007.html

archives.neohapsis.com/archives/bugtraq/2012-01/0021.html

osvdb.org/78105

secunia.com/advisories/47424

www.openwall.com/lists/oss-security/2012/03/23/6

www.openwall.com/lists/oss-security/2012/03/23/8

www.openwall.com/lists/oss-security/2012/04/27/6

www.openwall.com/lists/oss-security/2012/05/04/13

www.openwall.com/lists/oss-security/2012/05/04/2

www.securityfocus.com/bid/51250

exchange.xforce.ibmcloud.com/vulnerabilities/72112