← Volver a CVEs
CVE-2013-7435
N/ADescripcion
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado2/1/2018
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
evergreen-ils:evergreen
Debilidades (CWE)
CWE-200
Referencias
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9(cve@mitre.org)
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7(cve@mitre.org)
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4(cve@mitre.org)
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2015/03/04/3(cve@mitre.org)
https://bugs.launchpad.net/evergreen/+bug/1206589(cve@mitre.org)
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9(af854a3a-2127-422b-91ae-364da2661108)
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7(af854a3a-2127-422b-91ae-364da2661108)
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4(af854a3a-2127-422b-91ae-364da2661108)
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/(af854a3a-2127-422b-91ae-364da2661108)
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2015/03/04/3(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/evergreen/+bug/1206589(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.