[Japanese]
|
JVNDB-2014-000006
|
EC-CUBE vulnerable to information disclosure
|
EC-CUBE contains an information disclosure vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability.
The developer reported this vulnerability to JPCERT/CC under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: None
- Availability Impact: None
|
|
LOCKON CO.,LTD
- EC-CUBE 2.11.0
- EC-CUBE 2.11.1
- EC-CUBE 2.11.2
- EC-CUBE 2.11.3
- EC-CUBE 2.11.4
- EC-CUBE 2.11.5
- EC-CUBE 2.12.0
- EC-CUBE 2.12.1
- EC-CUBE 2.12.2
|
|
User's information may be obtained by other user who visits the shopping site.
|
[Apply the update or the patch]
Apply the update or the patch according to the information provided by the developer.
|
LOCKON CO.,LTD
|
- Information Exposure(CWE-200) [IPA Evaluation]
|
- CVE-2014-0808
|
- JVN : JVN#51770585
- National Vulnerability Database (NVD) : CVE-2014-0808
- IPA SECURITY ALERTS : Security Alert for EC-CUBE vulnerable to information disclosure (JVN#51770585) (in Japanese)
|
- [2014/01/22]
Web page was published
[2014/01/27]
References : Content was added
|