Vulnerability Details : CVE-2014-2552
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
Products affected by CVE-2014-2552
- cpe:2.3:a:brookinsconsulting:collected_information_export:1.1.0:*:*:*:*:ez_publish:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2552
0.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2552
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2014-2552
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2552
-
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853
Third Party Advisory
-
https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f
Updated: Commented out role policy override settings for greater defa… · brookinsconsulting/bccie@d11811b · GitHubPatch;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/92129
BC Collected Information Export extension for eZ Publish security bypass CVE-2014-2552 Vulnerability ReportThird Party Advisory;VDB Entry
Jump to