CVE-2014-9502

EUVD-2014-9319
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
open_atrium_projectopen_atrium
7.x-2.0 ≤
𝑥
< 7.x-2.26
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045