CyberSec.Space Logo
Back to CVE Browser

CVE-2015-2203

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile33.96th
PublishedFeb 1, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.

Affected Platforms (CPE)

πŸ“¦
Evergreen Ils

Evergreen

= 2.5.9
πŸ“¦
Evergreen Ils

Evergreen

= 2.6.7
πŸ“¦
Evergreen Ils

Evergreen

= 2.7.4

References & Advisories

πŸ”— http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
πŸ”— http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
πŸ”— http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
πŸ”— http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
πŸ”— http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
πŸ”— http://www.openwall.com/lists/oss-security/2015/03/04/3
πŸ”— http://www.securityfocus.com/bid/72885
πŸ”— https://bugs.launchpad.net/evergreen/+bug/1206589

Related Vulnerabilities

CVE-2015-22047.5

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restrictio...

CVE-2013-74356.5

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtai...

CVE-2014-16265.0

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and...

CVE-2015-034110.0

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X a...