Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5588

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-5588
Last Modified 27 Dec 2012 12:00:00
Published 26 Dec 2012 12:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-5588

Summary

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.

Vulnerable Systems

Application

  • Epiqo Email 6.x-1.0

  • Epiqo Email 6.x-1.1

  • Epiqo Email 6.x-1.2

  • Epiqo Email 6.x-1.x


References

MLIST - [oss-security] 20121128 Re: CVE request for Drupal contributed modules

MISC - http://drupal.org/node/1853214

CONFIRM - http://drupal.org/node/1852612


Last Updated: 27 May 2016 11:01:30