CVE-2015-5502

EUVD-2015-5457
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
storage_api_projectstorage_api
7.x-1.0:x
storage_api_projectstorage_api
7.x-1.1:x
storage_api_projectstorage_api
7.x-1.2:x
storage_api_projectstorage_api
7.x-1.3:x
storage_api_projectstorage_api
7.x-1.4:x
storage_api_projectstorage_api
7.x-1.5:x
storage_api_projectstorage_api
7.x-1.6:x
storage_api_projectstorage_api
7.x-1.7:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/74867
https://www.drupal.org/node/2495895
https://www.drupal.org/node/2495903
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/74867
https://www.drupal.org/node/2495895
https://www.drupal.org/node/2495903