Japan Vulnerability NotesJVN:16617002JVN#16617002: BaserCMS vulnerable to access restriction
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
59.7%
BaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a vulnerability in access restriction where adding a user in the user group “operators” which is created by default when BaserCMS is installed.
Impact
Users without administrative privileges may obtain administrative privileges or alter the information of administrators.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Apply a patch
Apply the appropriate patch according to the information provided by the developer.
Apply a workaround
The following workaround may mitigate the affects of this vulnerability.
- Do not use the default user group “operators”
Products Affected
- BaserCMS 1.6.11.4 and earlier
Related
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
59.7%