CVE-2009-4830 : Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to by

Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.

Published 2010-04-27 15:30:01

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-4830

Openx » Openx » Version: 2.8.1
cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*
Matching versions
Openx » Openx » Version: 2.8.2
cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-4830

EPSS FAQ

0.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-4830

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-4830

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-4830

http://forum.openx.org/index.php?showtopic=503454011

Patch
http://osvdb.org/61300
http://blog.openx.org/12/security-matters-2/

Patch;Vendor Advisory
http://secunia.com/advisories/37914

Vendor Advisory
http://www.securityfocus.com/bid/37457

Jump to

Vulnerability Details : CVE-2009-4830

Products affected by CVE-2009-4830

Exploit prediction scoring system (EPSS) score for CVE-2009-4830

CVSS scores for CVE-2009-4830

CWE ids for CVE-2009-4830

References for CVE-2009-4830