Vulnerability Details : CVE-2013-4609
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
Exploit prediction scoring system (EPSS) score for CVE-2013-4609
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4609
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2013-4609
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4609
-
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Penn State Clinical and Translational Science Institute
Products affected by CVE-2013-4609
- cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*