CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

CVSS3: 5.3 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

EPSS: 0.001 Low
Percentile: 33.3%

According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.17. It is, therefore, affected by multiple vulnerabilities:

- Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. (CVE-2020-11889)
- Improper input validations in the usergroup table class could lead to a broken ACL configuration. (CVE-2020-11890)
- Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. (CVE-2020-11891)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11891
developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html
developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html
developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function.html
www.joomla.org/announcements/release-news/5807-joomla-3-9-17.html