Main Vulnerability Database Vulnerabilities #VU30714

Use of insufficiently random values in TYPO3 - CVE-2010-3666

Published: November 4, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30714

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2010-3666

CWE-ID: CWE-330

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.

Install update from vendor's website.