CVE-2014-3946
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
La funcionalidad de cacheo de consulta en el componente Extbase Framework en TYPO3 6.2.0 anterior a 6.2.3 no valida debidamente permisos de grupo, lo que permite a usuarios remotos autenticados leer consultas arbitrarias a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-06-03 CVE Reserved
- 2014-06-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/06/03/2 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001 | 2014-06-04 | |
| http://www.debian.org/security/2014/dsa-2942 | 2014-06-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | 6.2 Search vendor "Typo3" for product "Typo3" and version "6.2" | - |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | 6.2.0 Search vendor "Typo3" for product "Typo3" and version "6.2.0" | beta1 |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | 6.2.0 Search vendor "Typo3" for product "Typo3" and version "6.2.0" | beta2 |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | 6.2.0 Search vendor "Typo3" for product "Typo3" and version "6.2.0" | beta3 |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | 6.2.1 Search vendor "Typo3" for product "Typo3" and version "6.2.1" | - |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | 6.2.2 Search vendor "Typo3" for product "Typo3" and version "6.2.2" | - |
Affected
| ||||||