Lucene search

Japan Vulnerability NotesJVN:51770585

HistoryJan 22, 2014 - 12:00 a.m.

JVN#51770585: EC-CUBE vulnerable to authorization bypass

2014-01-2200:00:00

Japan Vulnerability Notes

jvn.jp

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.3%

JSON

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639).

Impact

A user of the affected shopping website may obtain other users’ information by sending a crafted HTTP request.

Solution

Apply the update or the patch
Apply the update or the patch according to the information provided by the developer.

Products Affected

EC-CUBE 2.11.0
EC-CUBE 2.11.1
EC-CUBE 2.11.2
EC-CUBE 2.11.3
EC-CUBE 2.11.4
EC-CUBE 2.11.5
EC-CUBE 2.12.0
EC-CUBE 2.12.1
EC-CUBE 2.12.2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for JVN:51770585