CyberSec.Space Logo
Back to CVE Browser

CVE-2013-7435

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile13.64th
PublishedFeb 1, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

Affected Platforms (CPE)

πŸ“¦
Evergreen Ils

Evergreen

< 2.5.9
πŸ“¦
Evergreen Ils

Evergreen

>= 2.6.0 and < 2.6.7
πŸ“¦
Evergreen Ils

Evergreen

>= 2.7.0 and < 2.7.4

References & Advisories

πŸ”— http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
πŸ”— http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
πŸ”— http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
πŸ”— http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
πŸ”— http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
πŸ”— http://www.openwall.com/lists/oss-security/2015/03/04/3
πŸ”— https://bugs.launchpad.net/evergreen/+bug/1206589
πŸ”— http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9

Related Vulnerabilities

CVE-2015-22047.5

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restrictio...

CVE-2015-22036.5

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings histo...

CVE-2014-16265.0

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and...

CVE-2013-246310.0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 a...