CVE-2012-3802

Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/1585648	Patch Vendor Advisory
http://www.securityfocus.com/bid/53589
http://www.openwall.com/lists/oss-security/2012/06/14/3
https://exchange.xforce.ibmcloud.com/vulnerabilities/75716

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:peter_pokrivcak:post_affiliate_pro:-:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Information

Published : 2012-06-27 11:55

Updated : 2017-08-28 18:32

NVD link : CVE-2012-3802

Mitre link : CVE-2012-3802

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

peter_pokrivcak

post_affiliate_pro

drupal

drupal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://drupal.org/node/1585648", "name": "http://drupal.org/node/1585648", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/53589", "name": "53589", "tags": [], "refsource": "BID"}, {"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3", "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "tags": [], "refsource": "MLIST"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75716", "name": "postaffiliatepro-registration-xss(75716)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-3802", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-06-27T18:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:peter_pokrivcak:post_affiliate_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:32Z"}

4.0 /10