CVE-2017-1000003

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation.

Ссылки

http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55
Broken Link
http://www.atutor.ca/atutor/mantis/view.php?id=5681
Broken Link
http://www.securityfocus.com/bid/99599
Third Party Advisory
VDB Entry
http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55
Broken Link
http://www.atutor.ca/atutor/mantis/view.php?id=5681
Broken Link
http://www.securityfocus.com/bid/99599
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*

Версия до 2.2.1 (включая)

EPSS

Процентиль: 51%

0.00282

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-mw9j-9gfx-vcp8