Vulnerability Details CVE-2014-1398
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html
- http://www.openwall.com/lists/oss-security/2014/01/09/3
- http://www.securityfocus.com/bid/64729
- https://bugzilla.redhat.com/show_bug.cgi?id=1050802
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90215
- https://www.drupal.org/node/2169595
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html
- http://www.openwall.com/lists/oss-security/2014/01/09/3
- http://www.securityfocus.com/bid/64729
- https://bugzilla.redhat.com/show_bug.cgi?id=1050802
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90215
- https://www.drupal.org/node/2169595
Products affected by CVE-2014-1398
-
cpe:2.3:a:entity_api_project:entity_api:7.x-1.0
-
cpe:2.3:a:entity_api_project:entity_api:7.x-1.1
-
cpe:2.3:a:entity_api_project:entity_api:7.x-1.2
-
cpe:2.3:o:fedoraproject:fedora:19
-
cpe:2.3:o:fedoraproject:fedora:20