Lucene search
MitreCVE-2014-9026HistoryNov 20, 2014 - 5:50 p.m.
CVE-2014-9026
2014-11-2017:50:15
CWE-264
mitre
web.nvd.nist.gov
23
cve-2014-9026
ubercart
drupal
information security
remote access
authenticated users
vulnerability
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.001
Percentile
46.8%
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the “view own orders” permission to obtain sensitive information via unspecified vectors.
Affected configurations
Node
ubercartubercartMatch7.x-3.0drupal
ORubercartubercartMatch7.x-3.0alpha1drupal
ORubercartubercartMatch7.x-3.0alpha2drupal
ORubercartubercartMatch7.x-3.0alpha3drupal
ORubercartubercartMatch7.x-3.0beta1drupal
ORubercartubercartMatch7.x-3.0beta2drupal
ORubercartubercartMatch7.x-3.0beta3drupal
ORubercartubercartMatch7.x-3.0beta4drupal
ORubercartubercartMatch7.x-3.0rc1drupal
ORubercartubercartMatch7.x-3.0rc2drupal
ORubercartubercartMatch7.x-3.0rc3drupal
ORubercartubercartMatch7.x-3.0rc4drupal
ORubercartubercartMatch7.x-3.1drupal
ORubercartubercartMatch7.x-3.2drupal
ORubercartubercartMatch7.x-3.3drupal
ORubercartubercartMatch7.x-3.4drupal
ORubercartubercartMatch7.x-3.5drupal
ORubercartubercartMatch7.x-3.6drupal
ORubercartubercartMatch7.x-3.7drupal
ORubercartubercartMatch7.x-3.x-devdrupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:drupal:*:* |
| ubercart | ubercart | 7.x-3.0 | cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:drupal:*:* |
Related
cvelist
cvelist
CVE-2014-9026
2014-11-20 17:00:00
drupal
drupal
SA-CONTRIB-2014-085 - Ubercart - Information disclosure
2014-09-10 00:00:00
nvd
nvd
CVE-2014-9026
2014-11-20 17:50:15
prion
prion
Information disclosure
2014-11-20 17:50:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.001
Percentile
46.8%
Related for CVE-2014-9026