Vulnerability Details : CVE-2013-4609
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
Products affected by CVE-2013-4609
- cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4609
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4609
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2013-4609
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4609
-
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Penn State Clinical and Translational Science Institute
Jump to