CVE-2014-9502

Опубликовано: 01 фев. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.

Ссылки

http://www.openwall.com/lists/oss-security/2015/01/04/6
Issue Tracking
Mailing List
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
Third Party Advisory
VDB Entry
https://www.drupal.org/node/2394979
Mitigation
Vendor Advisory
https://www.drupal.org/node/2395045
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/01/04/6
Issue Tracking
Mailing List
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
Third Party Advisory
VDB Entry
https://www.drupal.org/node/2394979
Mitigation
Vendor Advisory
https://www.drupal.org/node/2395045
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open_atrium_project:open_atrium:*:*:*:*:*:drupal:*:*

Версия от 7.x-2.0 (включая) до 7.x-2.26 (исключая)

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha1:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha2:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha3:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha4:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:alpha5:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta1:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta2:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta3:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:beta4:*:*:*:drupal:*:*

cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0:rc1:*:*:*:drupal:*:*

EPSS

Процентиль: 25%

0.00088

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-7pjf-px6c-v9xw