Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6146

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-6146
Last Modified 21 May 2014 08:47:11
Published 20 May 2014 10:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-6146

Summary

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Vulnerable Systems

Application

  • Typo3 4.5

  • Typo3 4.5.0

  • Typo3 4.5.1

  • Typo3 4.5.10

  • Typo3 4.5.11

  • Typo3 4.5.12

  • Typo3 4.5.13

  • Typo3 4.5.14

  • Typo3 4.5.15

  • Typo3 4.5.16

  • Typo3 4.5.17

  • Typo3 4.5.18

  • Typo3 4.5.19

  • Typo3 4.5.2

  • Typo3 4.5.20

  • Typo3 4.5.3

  • Typo3 4.5.4

  • Typo3 4.5.5

  • Typo3 4.5.6

  • Typo3 4.5.7

  • Typo3 4.5.8

  • Typo3 4.5.9

  • Typo3 4.6.0

  • Typo3 4.6.1

  • Typo3 4.6.10

  • Typo3 4.6.11

  • Typo3 4.6.12

  • Typo3 4.6.13

  • Typo3 4.6.2

  • Typo3 4.6.3

  • Typo3 4.6.4

  • Typo3 4.6.5

  • Typo3 4.6.6

  • Typo3 4.6.7

  • Typo3 4.6.8

  • Typo3 4.6.9

  • Typo3 4.7

  • Typo3 4.7.0

  • Typo3 4.7.1

  • Typo3 4.7.2

  • Typo3 4.7.3

  • Typo3 4.7.4

  • Typo3 4.7.5


References

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/


Last Updated: 27 May 2016 11:05:19