Vulnerability Details : CVE-2014-8328
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
Vulnerability category: Information leak
Products affected by CVE-2014-8328
- Dynamic Content Elements Project » Dynamic Content Elements » For Typo3Versions from including (>=) 0.11.0 and before (<) 0.11.5cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*
- Dynamic Content Elements Project » Dynamic Content Elements » For Typo3Versions from including (>=) 0.9.0 and up to, including, (<=) 0.9.4cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*
- Dynamic Content Elements Project » Dynamic Content Elements » For Typo3Versions from including (>=) 0.8.0 and up to, including, (<=) 0.8.6cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*
- Dynamic Content Elements Project » Dynamic Content Elements » For Typo3Versions from including (>=) 0.10.0 and up to, including, (<=) 0.10.2cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*
- Dynamic Content Elements Project » Dynamic Content Elements » For Typo3Versions from including (>=) 0.7.0 and up to, including, (<=) 0.7.5cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8328
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8328
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2014-8328
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8328
-
http://typo3.org/extensions/repository/view/dce
TYPO3 Extension 'Dynamic Content Elements (DCE)' (dce)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/97673
Dynamic Content Elements extension for TYPO3 information disclosure CVE-2014-8328 Vulnerability ReportVDB Entry
-
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/
TYPO3-EXT-SA-2014-015: Information Disclosure vulnerability in Dynamic Content Elements (dce)Vendor Advisory
Jump to