CVE-2014-2552

EUVD-2014-2587
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
brookinsconsultingcollected_information_export
1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/92129
https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853
https://exchange.xforce.ibmcloud.com/vulnerabilities/92129
https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853