Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2012-1833 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Grails Web applications / CMS |
Vendor | Grails |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU43455
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-1833
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.
MitigationInstall update from vendor's website.
Vulnerable software versionsGrails: 1.1.0 - 2.0.1
External linkshttp://secunia.com/advisories/51113
http://support.springsource.com/security/cve-2012-1833
http://www.securityfocus.com/bid/55763
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.