Lucene search

MitreCVE-2009-3122

HistorySep 09, 2009 - 10:30 p.m.

CVE-2009-3122

2009-09-0922:30:00

CWE-264

mitre

web.nvd.nist.gov

cve-2009-3122

ajax table

drupal

access control

remote attackers

delete

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.006

Percentile

79.4%

JSON

The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.

Affected configurations

Nvd

Node

chris_shattuckajaxtableMatch5.x-1.x-dev

AND

drupaldrupal

VendorProductVersionCPE
chris_shattuckajaxtable5.x-1.x-devcpe:2.3:a:chris_shattuck:ajaxtable:5.x-1.x-dev:*:*:*:*:*:*:*
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
chris_shattuck	ajaxtable	5.x-1.x-dev	cpe:2.3:a:chris_shattuck:ajaxtable:5.x-1.x-dev:::::::*
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::

References

drupal.org/node/560298

secunia.com/advisories/36497

www.osvdb.org/57435

www.securityfocus.com/bid/36165

www.vupen.com/english/advisories/2009/2452

exchange.xforce.ibmcloud.com/vulnerabilities/52818

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.006

Percentile

79.4%

JSON

Related for CVE-2009-3122