Lucene search

PRIOn knowledge basePRION:CVE-2007-0629

HistoryJan 31, 2007 - 6:28 p.m.

Information disclosure

2007-01-3118:28:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.7%

JSON

The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
webguieq7.3.8

CPE	Name	Operator	Version
	webgui	eq	7.3.8

References

osvdb.org/32992

secunia.com/advisories/23981

sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584

www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions

www.securityfocus.com/bid/22294

exchange.xforce.ibmcloud.com/vulnerabilities/31905

6.9 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for PRION:CVE-2007-0629