// For flags

CVE-2015-5515

 

Severity Score

4.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled.

Vulnerabilidad en el módulo Views Bulk Operations (VBO) 6.x-1.x y 7.x-3.x en versiones anteriores a 7.x-3.3 para Drupal, cuando la operación bulk para cambiar Roles está habilitada, permite a usuarios remotos autenticados editar cuentas de usuario y añadir roles arbtrarios a las cuentas aprovechando el acceso a una vista de un listado de cuentas de usuario con VBO habilitado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-07-10 CVE Reserved
  • 2015-08-18 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
6.x-1.17
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "6.x-1.17"
drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
6.x-1.x
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "6.x-1.x"
dev, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
alpha1, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
alpha2, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
alpha3, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
beta1, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
beta2, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
beta3, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.0
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.0"
rc1, drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.1
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.1"
drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.2
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.2"
drupal
Affected
Views Bulk Operations Project
Search vendor "Views Bulk Operations Project"
Views Bulk Operations
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations"
7.x-3.x
Search vendor "Views Bulk Operations Project" for product "Views Bulk Operations" and version "7.x-3.x"
dev, drupal
Affected