CVE-2012-2315
NONE EPSS 92.7%
Published Sep 9, 2012 (13y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
Threat Intelligence
EPSS Exploit Probability
92.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
Affected Products 2
References 11
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2012-01/0007.html
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2012-01/0021.html
- osvdb.org http://osvdb.org/78105
- secunia.com http://secunia.com/advisories/47424
- openwall.com http://www.openwall.com/lists/oss-security/2012/03/23/6
- openwall.com http://www.openwall.com/lists/oss-security/2012/03/23/8
- openwall.com http://www.openwall.com/lists/oss-security/2012/04/27/6
- openwall.com http://www.openwall.com/lists/oss-security/2012/05/04/13
- openwall.com http://www.openwall.com/lists/oss-security/2012/05/04/2
- securityfocus.com http://www.securityfocus.com/bid/51250
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/72112
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.