TROYANOSYVIRUS
Retour aux CVEs

CVE-2013-7435

N/A

Description

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

Details CVE

Score CVSS v3.1N/A
Publie2/1/2018
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

evergreen-ils:evergreen

Faiblesses (CWE)

CWE-200

References

http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9(cve@mitre.org)
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7(cve@mitre.org)
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4(cve@mitre.org)
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/(cve@mitre.org)
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2015/03/04/3(cve@mitre.org)
https://bugs.launchpad.net/evergreen/+bug/1206589(cve@mitre.org)
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9(af854a3a-2127-422b-91ae-364da2661108)
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7(af854a3a-2127-422b-91ae-364da2661108)
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4(af854a3a-2127-422b-91ae-364da2661108)
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/(af854a3a-2127-422b-91ae-364da2661108)
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2015/03/04/3(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/evergreen/+bug/1206589(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.