Lucene search

K
nvd[email protected]NVD:CVE-2010-1136
HistoryMar 27, 2010 - 7:07 p.m.

CVE-2010-1136

2010-03-2719:07:11
CWE-264
web.nvd.nist.gov
1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.013

Percentile

86.1%

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to “persistent login,” probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

Affected configurations

Nvd
Node
tikitikiwiki_cms\/groupwareMatch3.0
OR
tikitikiwiki_cms\/groupwareMatch3.1
OR
tikitikiwiki_cms\/groupwareMatch3.2
OR
tikitikiwiki_cms\/groupwareMatch3.3
OR
tikitikiwiki_cms\/groupwareMatch3.4
VendorProductVersionCPE
tikitikiwiki_cms\/groupware3.0cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.0:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware3.1cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.1:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware3.2cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.2:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware3.3cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.3:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware3.4cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.4:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.013

Percentile

86.1%

Related for NVD:CVE-2010-1136