Lucene search
HistoryAug 12, 2012 - 9:55 p.m.
CVE-2012-3472
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.3%
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
Affected configurations
Node
ushahidiushahidi_platformRange≤2.4.1
ORushahidiushahidi_platformMatch1.0
ORushahidiushahidi_platformMatch1.2
ORushahidiushahidi_platformMatch2.0
ORushahidiushahidi_platformMatch2.1
ORushahidiushahidi_platformMatch2.2
ORushahidiushahidi_platformMatch2.2.1
ORushahidiushahidi_platformMatch2.3.1
ORushahidiushahidi_platformMatch2.3.2
ORushahidiushahidi_platformMatch2.4
Related
cve
cve
CVE-2012-3472
2022-10-03 16:15:23
prion
prion
Authentication flaw
2012-08-12 21:55:00
cvelist
cvelist
CVE-2012-3472
2022-10-03 16:15:23
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.3%
Related for NVD:CVE-2012-3472