Lucene search

Veracode Vulnerability DatabaseVERACODE:10897

HistoryJan 15, 2019 - 8:53 a.m.

Authorization Bypass

2019-01-1508:53:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

cumin is vulnerable to authorization bypass. User roles in the application are not properly enforced, allowing unprivileged user to access restricted resources. This allows a remote authenticated attacker to exploit the vulnerability to obtain confidential information and perform unauthorized actions.

CPENameOperatorVersion
cumineq0.1.4916__1.el5
cumineq0.1.5098__2.el6
cumineq0.1.4410__2.el5
cumineq0.1.5192__1.el6
cumineq0.1.4494__1.el5
cumineq0.1.3037__2.el5
cumineq0.1.3160__1.el5
cumineq0.1.5098__2.el5
cumineq0.1.5444__3.el5
cumineq0.1.5675__1.el6

Name	Operator	Version
cumin	eq	0.1.4916__1.el5
cumin	eq	0.1.5098__2.el6
cumin	eq	0.1.4410__2.el5
cumin	eq	0.1.5192__1.el6
cumin	eq	0.1.4494__1.el5
cumin	eq	0.1.3037__2.el5
cumin	eq	0.1.3160__1.el5
cumin	eq	0.1.5098__2.el5
cumin	eq	0.1.5444__3.el5
cumin	eq	0.1.5675__1.el6

Rows per page:

1-10 of 261

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038

rhn.redhat.com/errata/RHSA-2013-1851.html

rhn.redhat.com/errata/RHSA-2013-1852.html

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1029673

rhn.redhat.com/errata/RHSA-2013-1851.html

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Related for VERACODE:10897