admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
Exploit Prediction Scoring System (EPSS) score
EPSS Score 0.118
EPSS Ranking 93.4%