CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-7435

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile13.64th
Published2018年2月1日
Last Modified2024年11月21日

Vulnerability Description

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

Affected Platforms (CPE)

📦
Evergreen Ils

Evergreen

< 2.5.9
📦
Evergreen Ils

Evergreen

>= 2.6.0 and < 2.6.7
📦
Evergreen Ils

Evergreen

>= 2.7.0 and < 2.7.4

References & Advisories

🔗 http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
🔗 http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
🔗 http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
🔗 http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
🔗 http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
🔗 http://www.openwall.com/lists/oss-security/2015/03/04/3
🔗 https://bugs.launchpad.net/evergreen/+bug/1206589
🔗 http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9

相關漏洞威脅

CVE-2015-22047.5

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restrictio...

CVE-2015-22036.5

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings histo...

CVE-2014-16265.0

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and...

CVE-2013-273310.0

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to exec...