[Japanese]
|
JVNDB-2014-000006
|
EC-CUBE vulnerable to authorization bypass
|
EC-CUBE contains an authorization bypass vulnerability.
EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639).
The developer reported this vulnerability to JPCERT/CC under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: None
- Availability Impact: None
|
|
EC-CUBE CO.,LTD.
- EC-CUBE 2.11.0
- EC-CUBE 2.11.1
- EC-CUBE 2.11.2
- EC-CUBE 2.11.3
- EC-CUBE 2.11.4
- EC-CUBE 2.11.5
- EC-CUBE 2.12.0
- EC-CUBE 2.12.1
- EC-CUBE 2.12.2
|
|
A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
|
[Apply the update or the patch]
Apply the update or the patch according to the information provided by the developer.
|
EC-CUBE CO.,LTD.
|
- Permissions(CWE-264) [IPA Evaluation]
|
- CVE-2014-0808
|
- JVN : JVN#51770585
- National Vulnerability Database (NVD) : CVE-2014-0808
|
- [2014/01/22]
Web page was published
[2014/01/27]
References : Content was added
- [2024/03/28]
Title was modified
Overview was modified
Vendor Information : Content was modified
References : Contents were modified
CWE was modified
- [2024/05/15]
Overview was modified
Impact was modified
|