Lucene search

K
nvd[email protected]NVD:CVE-2015-2559
HistoryMar 25, 2015 - 2:59 p.m.

CVE-2015-2559

2015-03-2514:59:05
CWE-284
web.nvd.nist.gov
7

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

41.9%

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

Affected configurations

Nvd
Node
debiandebian_linuxMatch7.0
Node
drupaldrupalRange6.06.35
OR
drupaldrupalRange7.07.35

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

41.9%