Lucene search

[email protected]NVD:CVE-2013-7073

HistoryDec 23, 2013 - 11:55 p.m.

CVE-2013-7073

2013-12-2323:55:04

CWE-264

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%

JSON

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Affected configurations

NVD

Node

typo3typo3Match4.5.0

typo3typo3Match4.5.1

typo3typo3Match4.5.2

typo3typo3Match4.5.3

typo3typo3Match4.5.4

typo3typo3Match4.5.5

typo3typo3Match4.5.6

typo3typo3Match4.5.7

typo3typo3Match4.5.8

typo3typo3Match4.5.9

typo3typo3Match4.5.10

typo3typo3Match4.5.11

typo3typo3Match4.5.12

typo3typo3Match4.5.13

typo3typo3Match4.5.14

typo3typo3Match4.5.15

typo3typo3Match4.5.16

typo3typo3Match4.5.17

typo3typo3Match4.5.18

typo3typo3Match4.5.19

typo3typo3Match4.5.20

typo3typo3Match4.5.21

typo3typo3Match4.5.22

typo3typo3Match4.5.23

typo3typo3Match4.5.24

typo3typo3Match4.5.25

typo3typo3Match4.5.26

typo3typo3Match4.5.27

typo3typo3Match4.5.28

typo3typo3Match4.5.29

typo3typo3Match4.5.30

typo3typo3Match4.5.31

Node

typo3typo3Match6.1

typo3typo3Match6.1.1

typo3typo3Match6.1.2

typo3typo3Match6.1.3

typo3typo3Match6.1.4

typo3typo3Match6.1.5

typo3typo3Match6.1.6

Node

typo3typo3Match6.0

typo3typo3Match6.0.1

typo3typo3Match6.0.2

typo3typo3Match6.0.3

typo3typo3Match6.0.4

typo3typo3Match6.0.5

typo3typo3Match6.0.6

typo3typo3Match6.0.7

typo3typo3Match6.0.8

typo3typo3Match6.0.9

typo3typo3Match6.0.10

typo3typo3Match6.0.11

Node

typo3typo3Match4.7.0

typo3typo3Match4.7.1

typo3typo3Match4.7.2

typo3typo3Match4.7.3

typo3typo3Match4.7.4

typo3typo3Match4.7.5

typo3typo3Match4.7.6

typo3typo3Match4.7.7

typo3typo3Match4.7.8

typo3typo3Match4.7.9

typo3typo3Match4.7.10

typo3typo3Match4.7.11

typo3typo3Match4.7.12

typo3typo3Match4.7.13

typo3typo3Match4.7.14

typo3typo3Match4.7.15

typo3typo3Match4.7.16

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html

lists.opensuse.org/opensuse-updates/2016-08/msg00083.html

lists.opensuse.org/opensuse-updates/2016-08/msg00106.html

seclists.org/oss-sec/2013/q4/473

seclists.org/oss-sec/2013/q4/487

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/

www.debian.org/security/2014/dsa-2834

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%

JSON

Related for NVD:CVE-2013-7073

cve1 ubuntucve1 cvelist1 prion1 osv1 github1 openvas4 nessus4 suse1 debian2 typo31 securityvulns2