CVE-2012-4500

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.

El módulo Announcements v6.x-1.x antes de v6.x-1.5 para Drupal permite a usuarios autenticados remotamente con permisos "access announcements" evitar restricciones y posiblemente tener otro impacto no especificado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-21 CVE Reserved
2012-10-31 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (5)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2012/10/04/6	Mailing List
http://www.openwall.com/lists/oss-security/2012/10/07/1	Mailing List
http://www.securityfocus.com/bid/55283	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://drupal.org/node/1761038	2013-03-02
http://drupal.org/node/1762480	2013-03-02

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nancy Wichmann Search vendor "Nancy Wichmann"	Announcements Search vendor "Nancy Wichmann" for product "Announcements"	6.x-1.0 Search vendor "Nancy Wichmann" for product "Announcements" and version "6.x-1.0"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	-	-	Safe
Nancy Wichmann Search vendor "Nancy Wichmann"	Announcements Search vendor "Nancy Wichmann" for product "Announcements"	6.x-1.0 Search vendor "Nancy Wichmann" for product "Announcements" and version "6.x-1.0"	beta	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	-	-	Safe
Nancy Wichmann Search vendor "Nancy Wichmann"	Announcements Search vendor "Nancy Wichmann" for product "Announcements"	6.x-1.1 Search vendor "Nancy Wichmann" for product "Announcements" and version "6.x-1.1"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	-	-	Safe
Nancy Wichmann Search vendor "Nancy Wichmann"	Announcements Search vendor "Nancy Wichmann" for product "Announcements"	6.x-1.2 Search vendor "Nancy Wichmann" for product "Announcements" and version "6.x-1.2"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	-	-	Safe
Nancy Wichmann Search vendor "Nancy Wichmann"	Announcements Search vendor "Nancy Wichmann" for product "Announcements"	6.x-1.3 Search vendor "Nancy Wichmann" for product "Announcements" and version "6.x-1.3"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	-	-	Safe
Nancy Wichmann Search vendor "Nancy Wichmann"	Announcements Search vendor "Nancy Wichmann" for product "Announcements"	6.x-1.4 Search vendor "Nancy Wichmann" for product "Announcements" and version "6.x-1.4"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	-	-	Safe
Nancy Wichmann Search vendor "Nancy Wichmann"	Announcements Search vendor "Nancy Wichmann" for product "Announcements"	6.x-1.x Search vendor "Nancy Wichmann" for product "Announcements" and version "6.x-1.x"	dev	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	-	-	Safe