Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2676

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2011-2676
Last Modified 21 Nov 2011 10:57:38
Published 03 Nov 2011 06:55:08
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-2676

Summary

The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.

Vulnerable Systems

Application

  • Ark-web A-form 1.3.5

  • Ark-web A-form 2.0.2

  • Ark-web A-form Bamboo 1.3.5

  • Ark-web A-form Bamboo 2.0.2

  • Ark-web A-form Pc 3.0

  • Ark-web A-form Pc Mobile 3.0


References

CONFIRM - http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.html

CONFIRM - http://www.ark-web.jp/movabletype/a-form/docs/security_patch.html

XF - aformplugin-unspecified-security-bypass(70408)

JVNDB - JVNDB-2011-000078

JVN - JVN#34980730


Last Updated: 27 May 2016 10:57:04