Vulnerability Details : CVE-2015-2821
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2015-2821
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 40 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-2821
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2015-2821
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2821
-
http://www.securityfocus.com/bid/73700
TYPO3 Neos Extension CVE-2015-2821 Remote Privilege Escalation Vulnerability
-
http://typo3.org/teams/security/security-bulletins/typo3-neos/typo3-neos-sa-2015-001/
Privilege Escalation in TYPO3 NeosPatch;Vendor Advisory
Products affected by CVE-2015-2821
- cpe:2.3:a:typo3:neos:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:neos:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:neos:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:neos:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:neos:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:neos:1.2.1:*:*:*:*:*:*:*