Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2012-2315
Last Modified: 10 Sep 2012 12:00:00
Published: 09 Sep 2012 05:55:07
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-2315

Summary

admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.

Vulnerable Systems

Application

  • OpenKM 5.1.7
  • OpenKM 5.1.8

References

XF - openkm-userpermissions-security-bypass(72112)

BID - 51250

MLIST - [oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

MLIST - [oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

MLIST - [oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

MLIST - [oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

SECUNIA - 47424

OSVDB - 78105

BUGTRAQ - 20120104 Re: OpenKM 5.1.7 Privilege Escalation

BUGTRAQ - 20120103 OpenKM 5.1.7 Privilege Escalation


Last Updated: 27 May 2016 11:00:32