Lucene search

Ubuntu.comUB:CVE-2014-3942

HistoryJun 03, 2014 - 12:00 a.m.

CVE-2014-3942

2014-06-0300:00:00

ubuntu.com

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.9%

JSON

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0
before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote
authenticated editors to execute arbitrary PHP code via a serialized PHP
object.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749215>

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

www.debian.org/security/2014/dsa-2942

www.openwall.com/lists/oss-security/2014/06/03/2

launchpad.net/bugs/cve/CVE-2014-3942

nvd.nist.gov/vuln/detail/CVE-2014-3942

security-tracker.debian.org/tracker/CVE-2014-3942

www.cve.org/CVERecord?id=CVE-2014-3942

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.9%

JSON

Related for UB:CVE-2014-3942