CVE-2014-9502

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
open_atrium_projectopen_atrium
7.x-2.0 ≤
𝑥
< 7.x-2.26
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045