Vulnerability Details CVE-2014-9503
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.5
References
- http://www.openwall.com/lists/oss-security/2015/01/04/6
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
- https://www.drupal.org/node/2394979
- https://www.drupal.org/node/2395045
- http://www.openwall.com/lists/oss-security/2015/01/04/6
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
- https://www.drupal.org/node/2394979
- https://www.drupal.org/node/2395045
Products affected by CVE-2014-9503
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.01
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.04
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.09
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.12
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.13
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.15
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.16
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.17
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.18
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.19
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.21
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.22
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.23
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.24
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.25