Lucene search
MitreCVE-2014-9025HistoryNov 20, 2014 - 5:50 p.m.
CVE-2014-9025
2014-11-2017:50:14
CWE-200
mitre
web.nvd.nist.gov
22
cve-2014-9025
drupal commerce
commerce_order module
information security
remote attackers
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.003
Percentile
69.6%
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.
Affected configurations
Node
commerceguyscommerceMatch7.x-1.0drupal
ORcommerceguyscommerceMatch7.x-1.0alpha1drupal
ORcommerceguyscommerceMatch7.x-1.0alpha2drupal
ORcommerceguyscommerceMatch7.x-1.0alpha3drupal
ORcommerceguyscommerceMatch7.x-1.0alpha4drupal
ORcommerceguyscommerceMatch7.x-1.0alpha5drupal
ORcommerceguyscommerceMatch7.x-1.0beta1drupal
ORcommerceguyscommerceMatch7.x-1.0beta2drupal
ORcommerceguyscommerceMatch7.x-1.0beta3drupal
ORcommerceguyscommerceMatch7.x-1.0beta4drupal
ORcommerceguyscommerceMatch7.x-1.0rc1drupal
ORcommerceguyscommerceMatch7.x-1.0rc2drupal
ORcommerceguyscommerceMatch7.x-1.0rc3drupal
ORcommerceguyscommerceMatch7.x-1.1drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:*:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:alpha1:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:alpha2:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:alpha3:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:alpha4:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:alpha5:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:beta1:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:beta2:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:beta3:*:*:*:drupal:*:* |
| commerceguys | commerce | 7.x-1.0 | cpe:2.3:a:commerceguys:commerce:7.x-1.0:beta4:*:*:*:drupal:*:* |
Related
nvd
nvd
CVE-2014-9025
2014-11-20 17:50:14
cvelist
cvelist
CVE-2014-9025
2014-11-20 17:00:00
drupal
drupal
SA-CONTRIB-2014-087 - Drupal Commerce - Information disclosure
2014-09-10 00:00:00
prion
prion
Default configuration
2014-11-20 17:50:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.003
Percentile
69.6%
Related for CVE-2014-9025