Lucene search

[email protected]NVD:CVE-2014-0808

HistoryJan 22, 2014 - 9:55 p.m.

CVE-2014-0808

2014-01-2221:55:03

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users’ information by sending a crafted HTTP request.

Affected configurations

NVD

Node

lockonec-cubeMatch2.11.0

lockonec-cubeMatch2.11.0beta

lockonec-cubeMatch2.11.0beta2

lockonec-cubeMatch2.11.1

lockonec-cubeMatch2.11.2

lockonec-cubeMatch2.11.3

lockonec-cubeMatch2.11.4

lockonec-cubeMatch2.11.5

lockonec-cubeMatch2.12.0

lockonec-cubeMatch2.12.1

lockonec-cubeMatch2.12.2

References

jvn.jp/en/jp/JVN51770585/

jvndb.jvn.jp/jvndb/JVNDB-2014-000006

www.ec-cube.net/info/weakness/weakness.php?id=57

ec-orange.jp/

jvn.jp/en/jp/JVN15637138/

jvndb.jvn.jp/jvndb/JVNDB-2024-000054

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for NVD:CVE-2014-0808

vulnrichment1 cvelist1 jvn2 cve1 prion1 github1