CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-2203

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile33.96th
Published2018年2月1日
Last Modified2024年11月21日

Vulnerability Description

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.

Affected Platforms (CPE)

📦
Evergreen Ils

Evergreen

= 2.5.9
📦
Evergreen Ils

Evergreen

= 2.6.7
📦
Evergreen Ils

Evergreen

= 2.7.4

References & Advisories

🔗 http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
🔗 http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
🔗 http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
🔗 http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
🔗 http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
🔗 http://www.openwall.com/lists/oss-security/2015/03/04/3
🔗 http://www.securityfocus.com/bid/72885
🔗 https://bugs.launchpad.net/evergreen/+bug/1206589

相關漏洞威脅

CVE-2015-22047.5

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restrictio...

CVE-2013-74356.5

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtai...

CVE-2014-16265.0

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and...

CVE-2015-098710.0

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password tra...