CVE-2014-9503

EUVD-2014-9320
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
open_atrium_projectopen_atrium
7.x-2.0 ≤
𝑥
< 7.x-2.26
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045