CVE-2014-9503

The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
open_atrium_projectopen_atrium
7.x-2.0 ≤
𝑥
< 7.x-2.26
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
open_atrium_projectopen_atrium
7.x-2.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045
http://www.openwall.com/lists/oss-security/2015/01/04/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
https://www.drupal.org/node/2394979
https://www.drupal.org/node/2395045