CVE-2014-2552

Опубликовано: 27 апр. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/92129
Third Party Advisory
VDB Entry
https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f
Patch
Third Party Advisory
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/92129
Third Party Advisory
VDB Entry
https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f
Patch
Third Party Advisory
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brookinsconsulting:collected_information_export:1.1.0:*:*:*:*:ez_publish:*:*

EPSS

Процентиль: 87%

0.03164

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-84x4-mv77-mv8c