Vulnerability Details : CVE-2012-2680
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
Products affected by CVE-2012-2680
- cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*
- cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2680
0.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2680
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-2680
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2680
-
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421
829421 – (CVE-2012-2680) CVE-2012-2680 cumin: authentication bypass flawsExploit
-
http://rhn.redhat.com/errata/RHSA-2012-1281.html
RHSA-2012:1281 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
http://www.securityfocus.com/bid/55618
Cumin Multiple Remote Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/78770
Cumin and Red Hat Enterprise MRG Grid security bypass CVE-2012-2680 Vulnerability Report
-
http://rhn.redhat.com/errata/RHSA-2012-1278.html
RHSA-2012:1278 - Security Advisory - Red Hat Customer PortalVendor Advisory
Jump to