CVE-2014-6290

2014-10-0314:55:08

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.1%

JSON

The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an “insecure unserialize” issue.

Affected configurations

Nvd

Node

news_projectnewsRange≤3.5.1typo3

news_projectnewsMatch3.0.0typo3

news_projectnewsMatch3.0.1typo3

news_projectnewsMatch3.1.0typo3

news_projectnewsMatch3.2.0typo3

news_projectnewsMatch3.2.1typo3

news_projectnewsMatch3.4.0typo3

news_projectnewsMatch3.5.0typo3

VendorProductVersionCPE
news_projectnews*cpe:2.3:a:news_project:news:*:*:*:*:*:typo3:*:*
news_projectnews3.0.0cpe:2.3:a:news_project:news:3.0.0:*:*:*:*:typo3:*:*
news_projectnews3.0.1cpe:2.3:a:news_project:news:3.0.1:*:*:*:*:typo3:*:*
news_projectnews3.1.0cpe:2.3:a:news_project:news:3.1.0:*:*:*:*:typo3:*:*
news_projectnews3.2.0cpe:2.3:a:news_project:news:3.2.0:*:*:*:*:typo3:*:*
news_projectnews3.2.1cpe:2.3:a:news_project:news:3.2.1:*:*:*:*:typo3:*:*
news_projectnews3.4.0cpe:2.3:a:news_project:news:3.4.0:*:*:*:*:typo3:*:*
news_projectnews3.5.0cpe:2.3:a:news_project:news:3.5.0:*:*:*:*:typo3:*:*

Vendor	Product	Version	CPE
news_project	news	*	cpe:2.3:a:news_project:news::::::typo3::*
news_project	news	3.0.0	cpe:2.3:a:news_project:news:3.0.0:::::typo3::
news_project	news	3.0.1	cpe:2.3:a:news_project:news:3.0.1:::::typo3::
news_project	news	3.1.0	cpe:2.3:a:news_project:news:3.1.0:::::typo3::
news_project	news	3.2.0	cpe:2.3:a:news_project:news:3.2.0:::::typo3::
news_project	news	3.2.1	cpe:2.3:a:news_project:news:3.2.1:::::typo3::
news_project	news	3.4.0	cpe:2.3:a:news_project:news:3.4.0:::::typo3::
news_project	news	3.5.0	cpe:2.3:a:news_project:news:3.5.0:::::typo3::