CVE-2011-2676

Severity Score

5.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.

Lo complementos A-Form y A-Form bamboo antes de v1.3.6 y v2.x antes de v2.0.3, y A-Form PC y PC/Mobile antes de v3.1 para Movable Type, no requieren autenticación administrativa, lo que permite a usuarios autenticados remotamente modificar datos a través de vectores no especificados

*Credits: N/A

CVSS Scores

NISTv2 5.5

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-07-07 CVE Reserved
2011-11-03 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (5)

URL	Tag	Source
http://jvn.jp/en/jp/JVN34980730/index.html	Third Party Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000078	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70408	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www.ark-web.jp/movabletype/a-form/docs/security_patch.html	2017-08-29
http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.html	2017-08-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ark-web Search vendor "Ark-web"	A-form Search vendor "Ark-web" for product "A-form"	<= 1.3.5 Search vendor "Ark-web" for product "A-form" and version " <= 1.3.5"	-	Affected	in	Six Apart Search vendor "Six Apart"	Movable Type Search vendor "Six Apart" for product "Movable Type"	*	-	Safe
Ark-web Search vendor "Ark-web"	A-form Search vendor "Ark-web" for product "A-form"	2.0.2 Search vendor "Ark-web" for product "A-form" and version "2.0.2"	-	Affected	in	Six Apart Search vendor "Six Apart"	Movable Type Search vendor "Six Apart" for product "Movable Type"	*	-	Safe
Ark-web Search vendor "Ark-web"	A-form Bamboo Search vendor "Ark-web" for product "A-form Bamboo"	1.3.5 Search vendor "Ark-web" for product "A-form Bamboo" and version "1.3.5"	-	Affected	in	Six Apart Search vendor "Six Apart"	Movable Type Search vendor "Six Apart" for product "Movable Type"	*	-	Safe
Ark-web Search vendor "Ark-web"	A-form Bamboo Search vendor "Ark-web" for product "A-form Bamboo"	2.0.2 Search vendor "Ark-web" for product "A-form Bamboo" and version "2.0.2"	-	Affected	in	Six Apart Search vendor "Six Apart"	Movable Type Search vendor "Six Apart" for product "Movable Type"	*	-	Safe
Ark-web Search vendor "Ark-web"	A-form Pc Search vendor "Ark-web" for product "A-form Pc"	<= 3.0 Search vendor "Ark-web" for product "A-form Pc" and version " <= 3.0"	-	Affected	in	Six Apart Search vendor "Six Apart"	Movable Type Search vendor "Six Apart" for product "Movable Type"	*	-	Safe
Ark-web Search vendor "Ark-web"	A-form Pc Mobile Search vendor "Ark-web" for product "A-form Pc Mobile"	<= 3.0 Search vendor "Ark-web" for product "A-form Pc Mobile" and version " <= 3.0"	-	Affected	in	Six Apart Search vendor "Six Apart"	Movable Type Search vendor "Six Apart" for product "Movable Type"	*	-	Safe