Vulnerability Details CVE-2010-2473
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.5
References
Products affected by CVE-2010-2473
-
cpe:2.3:a:drupal:drupal:5.0
-
cpe:2.3:a:drupal:drupal:5.1
-
cpe:2.3:a:drupal:drupal:5.10
-
cpe:2.3:a:drupal:drupal:5.11
-
cpe:2.3:a:drupal:drupal:5.12
-
cpe:2.3:a:drupal:drupal:5.13
-
cpe:2.3:a:drupal:drupal:5.14
-
cpe:2.3:a:drupal:drupal:5.15
-
cpe:2.3:a:drupal:drupal:5.16
-
cpe:2.3:a:drupal:drupal:5.17
-
cpe:2.3:a:drupal:drupal:5.18
-
cpe:2.3:a:drupal:drupal:5.19
-
cpe:2.3:a:drupal:drupal:5.2
-
cpe:2.3:a:drupal:drupal:5.20
-
cpe:2.3:a:drupal:drupal:5.21
-
cpe:2.3:a:drupal:drupal:5.3
-
cpe:2.3:a:drupal:drupal:5.4
-
cpe:2.3:a:drupal:drupal:5.5
-
cpe:2.3:a:drupal:drupal:5.6
-
cpe:2.3:a:drupal:drupal:5.7
-
cpe:2.3:a:drupal:drupal:5.8
-
cpe:2.3:a:drupal:drupal:5.9
-
cpe:2.3:a:drupal:drupal:6.0
-
cpe:2.3:a:drupal:drupal:6.1
-
cpe:2.3:a:drupal:drupal:6.10
-
cpe:2.3:a:drupal:drupal:6.11
-
cpe:2.3:a:drupal:drupal:6.12
-
cpe:2.3:a:drupal:drupal:6.13
-
cpe:2.3:a:drupal:drupal:6.14
-
cpe:2.3:a:drupal:drupal:6.15
-
cpe:2.3:a:drupal:drupal:6.2
-
cpe:2.3:a:drupal:drupal:6.3
-
cpe:2.3:a:drupal:drupal:6.4
-
cpe:2.3:a:drupal:drupal:6.5
-
cpe:2.3:a:drupal:drupal:6.6
-
cpe:2.3:a:drupal:drupal:6.7
-
cpe:2.3:a:drupal:drupal:6.8
-
cpe:2.3:a:drupal:drupal:6.9