CVE-2008-6908

EUVD-2008-6868
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
marc_ingramservices
5.x-0.9:x
marc_ingramservices
5.x-0.91:x
marc_ingramservices
5.x-1.x-dev:x
marc_ingramservices
6.x-0.9:x
marc_ingramservices
6.x-0.11:x
marc_ingramservices
6.x-0.12:x
marc_ingramservices
6.x-1.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/348295
http://osvdb.org/50743
http://www.securityfocus.com/bid/32894
https://exchange.xforce.ibmcloud.com/vulnerabilities/47458
http://drupal.org/node/348295
http://osvdb.org/50743
http://www.securityfocus.com/bid/32894
https://exchange.xforce.ibmcloud.com/vulnerabilities/47458