JVNDB-2011-000078

[Japanese]
JVNDB-2011-000078
A-Form vulnerable in restricting access
Overview
A-Form contains a vulnerability in restricting access permissions. A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: Single Instance Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

ARK-Web co., ltd A-Form PC 3.0 and earlier A-Form PC/Mobile 3.0 and earlier A-Form 1.3.5 and earlier A-Form bamboo 1.3.5 and earlier A-Form 2.0.2 and earlier A-Form bamboo 2.0.2 and earlier

Impact
Information managed by A-Form may be altered by a user who does not have administrative privileges.
Solution
[Update the Software] Update to the latest version according to the information provided by the developer. [Apply a patch] Apply the appropriate patch according to the information provided by the developer.
Vendor Information
ARK-Web co., ltd Movable Type : [Important] Security Update - Release of "A-Member PC 3.1" and "A-Form PC/Mobile 3.1" (Japanese only) Movable Type : How to apply the security patch for 1.3.6, 2.0.3, 3.1 (Japanese only) Movable Type : Movable Type Plugin - A-Form (Japanese only)
CWE (What is CWE?)
Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)
CVE-2011-2676
References
JVN : JVN#34980730 National Vulnerability Database (NVD) : CVE-2011-2676
Revision History
[2011/10/11] Web page published


Date Public	2011/10/07
Date First Published	2011/10/11
Date Last Updated	2011/10/11

A-Form vulnerable in restricting access