Vulnerability Details CVE-2014-9504
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2015/01/04/6
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99657
- https://www.drupal.org/node/2394979
- https://www.drupal.org/node/2395045
- http://www.openwall.com/lists/oss-security/2015/01/04/6
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99657
- https://www.drupal.org/node/2394979
- https://www.drupal.org/node/2395045
Products affected by CVE-2014-9504
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.0
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.01
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.04
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.09
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.12
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.13
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.15
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.16
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.17
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.18
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.19
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.21
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.22
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.23
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.24
-
cpe:2.3:a:open_atrium_project:open_atrium:7.x-2.25