Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2012-3473
Last Modified 13 Aug 2012 01:54:29
Published 12 Aug 2012 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3473

Summary

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

Vulnerable Systems

Application

  • Ushahidi Platform 1.0

  • Ushahidi Platform 1.2

  • Ushahidi Platform 2.0

  • Ushahidi Platform 2.1

  • Ushahidi Platform 2.2

  • Ushahidi Platform 2.2.1

  • Ushahidi Platform 2.3.1

  • Ushahidi Platform 2.3.2

  • Ushahidi Platform 2.4

  • Ushahidi Platform 2.4.1


References

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4

MLIST - [oss-security] 20120809 Re: CVE request for Ushahidi


Last Updated: 27 May 2016 10:51:39