Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3475

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-3475
Last Modified 13 Aug 2012 12:00:00
Published 12 Aug 2012 05:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3475

Summary

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.

Vulnerable Systems

Application

  • Ushahidi Platform 1.0

  • Ushahidi Platform 1.2

  • Ushahidi Platform 2.0

  • Ushahidi Platform 2.1

  • Ushahidi Platform 2.2

  • Ushahidi Platform 2.2.1

  • Ushahidi Platform 2.3.1

  • Ushahidi Platform 2.3.2

  • Ushahidi Platform 2.4

  • Ushahidi Platform 2.4.1


References

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/7892559

MLIST - [oss-security] 20120809 Re: CVE request for Ushahidi


Last Updated: 27 May 2016 10:51:39