Lucene search
HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-4515
cve-2009-4515
drupal
storm module
information security
privilege requirements
remote attack
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
65.7%
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
Affected configurations
Node
speedtechstormMatch6.x-1.0
ORspeedtechstormMatch6.x-1.1
ORspeedtechstormMatch6.x-1.2
ORspeedtechstormMatch6.x-1.3
ORspeedtechstormMatch6.x-1.4
ORspeedtechstormMatch6.x-1.5
ORspeedtechstormMatch6.x-1.6
ORspeedtechstormMatch6.x-1.7
ORspeedtechstormMatch6.x-1.8
ORspeedtechstormMatch6.x-1.9
ORspeedtechstormMatch6.x-1.10
ORspeedtechstormMatch6.x-1.11
ORspeedtechstormMatch6.x-1.12
ORspeedtechstormMatch6.x-1.13
ORspeedtechstormMatch6.x-1.14
ORspeedtechstormMatch6.x-1.15
ORspeedtechstormMatch6.x-1.16
ORspeedtechstormMatch6.x-1.17
ORspeedtechstormMatch6.x-1.18
ORspeedtechstormMatch6.x-1.19
ORspeedtechstormMatch6.x-1.20
ORspeedtechstormMatch6.x-1.21
ORspeedtechstormMatch6.x-1.22
ORspeedtechstormMatch6.x-1.23
ORspeedtechstormMatch6.x-1.24
ORspeedtechstormMatch6.x-1.xdev
drupaldrupal
Related
cvelist
cvelist
CVE-2009-4515
2022-10-03 16:24:04
nvd
nvd
CVE-2009-4515
2009-12-31 19:30:00
prion
prion
Code injection
2009-12-31 19:30:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
65.7%
Related for CVE-2009-4515