CVE-2012-4494
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.
El módulo de autenticación Shibboleth v7.x-4.0 para Drupal no comprueba correctamente la condición activa de los usuarios, lo que permite a usuarios remotos bloqueados eludir las restricciones de acceso y posiblemente tener otro impacto por el acceso.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-21 CVE Reserved
- 2012-10-31 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://drupal.org/node/1493244 | X_refsource_confirm | |
| http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2012/10/04/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/10/07/1 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1719392 | 2012-11-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Niif Search vendor "Niif" | Shibb Auth Search vendor "Niif" for product "Shibb Auth" | 7.x-4.0 Search vendor "Niif" for product "Shibb Auth" and version "7.x-4.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|