CVE-2014-8327

The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
fal_sftp_projectfal_sftp
𝑥
≤ 0.2.5
fal_sftp_projectfal_sftp
0.2.4
𝑥
= Vulnerable software versions
References
http://typo3.org/extensions/repository/view/fal_sftp
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/
https://exchange.xforce.ibmcloud.com/vulnerabilities/97668
http://typo3.org/extensions/repository/view/fal_sftp
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/
https://exchange.xforce.ibmcloud.com/vulnerabilities/97668