Lucene search

[email protected]NVD:CVE-2014-9022

HistoryNov 20, 2014 - 5:50 p.m.

CVE-2014-9022

2014-11-2017:50:11

CWE-264

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the “disabled” restriction and modify read-only components via a crafted form.

Affected configurations

NVD

Node

web_component_roles_projectweb_component_rolesMatch6.x-1.5drupal

web_component_roles_projectweb_component_rolesMatch6.x-1.6drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.0drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.1drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.2drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.3drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.4drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.5drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.6drupal

web_component_roles_projectweb_component_rolesMatch7.x-1.7drupal

References

www.drupal.org/node/2373471

www.drupal.org/node/2373473

www.drupal.org/node/2373973

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for NVD:CVE-2014-9022

drupal1 cvelist1 cve1 prion1