Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5586

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-5586
Last Modified 25 Feb 2013 11:52:04
Published 26 Dec 2012 12:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2012-5586

Summary

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."

Vulnerable Systems

Application

  • Marc Ingram Services 6.x-3.0

  • Marc Ingram Services 6.x-3.1

  • Marc Ingram Services 6.x-3.2

  • Marc Ingram Services 6.x-3.x

  • Marc Ingram Services 7.x-3.0

  • Marc Ingram Services 7.x-3.1

  • Marc Ingram Services 7.x-3.2

  • Marc Ingram Services 7.x-3.3

  • Marc Ingram Services 7.x-3.x


References

MLIST - [oss-security] 20121128 Re: CVE request for Drupal contributed modules

MISC - http://drupal.org/node/1853200

CONFIRM - http://drupal.org/node/1842026

CONFIRM - http://drupal.org/node/1842022

BID - 56723


Last Updated: 27 May 2016 11:01:30