Lucene search

[email protected]NVD:CVE-2009-4236

HistoryDec 08, 2009 - 11:30 p.m.

CVE-2009-4236

2009-12-0823:30:00

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.

Affected configurations

NVD

Node

ec-cubeec-cube_ver2Match2.4.0rc1

ec-cubeec-cube_ver2Match2.4.1

ec-cubeec-cube_ver2Matchr18068-community

ec-cubeec-cube_ver2Matchr18428-community

References

jvn.jp/en/jp/JVN79762947/index.html

jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html

osvdb.org/60685

secunia.com/advisories/37603

www.ec-cube.net/info/091127/

www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html

www.vupen.com/english/advisories/2009/3421

exchange.xforce.ibmcloud.com/vulnerabilities/54573

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for NVD:CVE-2009-4236

cve1 cvelist1 prion1 jvn1