CVE-2008-1627

CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability : 6.8 / Impact : 2.9

References

Link	Resource
http://cdsware.cern.ch/invenio/news.html	Patch
http://cdsware.cern.ch/lists/project-cdsware-announce/archive/msg00021.shtml	Patch
http://secunia.com/advisories/29521	Patch Vendor Advisory
http://www.securityfocus.com/bid/28514
https://exchange.xforce.ibmcloud.com/vulnerabilities/41546

Configurations

Configuration 1 (hide)

cpe:2.3:a:cds_software_consortium:invenio:*:*:*:*:*:*:*:*

Information

Published : 2008-04-02 10:44

Updated : 2017-08-07 18:30

NVD link : CVE-2008-1627

Mitre link : CVE-2008-1627

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

cds_software_consortium