CVE-2012-1565

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://issues.ez.no/19238
http://osvdb.org/80098
http://www.securityfocus.com/bid/52516
http://www.openwall.com/lists/oss-security/2012/03/19/6
http://secunia.com/advisories/48338	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/03/19/13
https://exchange.xforce.ibmcloud.com/vulnerabilities/74060

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ez:ez_publish:4.6.0:::::::*
	cpe:2.3:a:ez:ez_publish:4.2.0:::::::*
	cpe:2.3:a:ez:ez_publish:4.3.0:::::::*
	cpe:2.3:a:ez:ez_publish:4.4.0:::::::*
	cpe:2.3:a:ez:ez_publish:4.5.0:::::::*
	cpe:2.3:a:ez:ez_publish:4.1.4:::::::*

Information

Published : 2012-10-06 14:55

Updated : 2019-07-30 08:51

NVD link : CVE-2012-1565

Mitre link : CVE-2012-1565

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

ez

ez_publish

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://issues.ez.no/19238", "name": "http://issues.ez.no/19238", "tags": [], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/80098", "name": "80098", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/52516", "name": "52516", "tags": [], "refsource": "BID"}, {"url": "http://www.openwall.com/lists/oss-security/2012/03/19/6", "name": "[oss-security] 20120319 CVE request: eZ Publish: insecure direct object reference", "tags": [], "refsource": "MLIST"}, {"url": "http://secunia.com/advisories/48338", "name": "48338", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.openwall.com/lists/oss-security/2012/03/19/13", "name": "[oss-security] 20120319 Re: CVE request: eZ Publish: insecure direct object reference", "tags": [], "refsource": "MLIST"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74060", "name": "ezpublish-unspec-vuln(74060)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1565", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-10-06T21:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ez:ez_publish:4.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ez:ez_publish:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ez:ez_publish:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ez:ez_publish:4.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ez:ez_publish:4.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ez:ez_publish:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-07-30T15:51Z"}