Main Vulnerability Database Vulnerabilities #VU43455

Permissions, Privileges, and Access Controls in Grails - CVE-2012-1833

Published: September 29, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43455

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-1833

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Grails

Affected software:
Grails

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.

How to mitigate CVE-2012-1833

Install update from vendor's website.

Sources

http://secunia.com/advisories/51113
http://support.springsource.com/security/cve-2012-1833
http://www.securityfocus.com/bid/55763

Permissions, Privileges, and Access Controls in Grails - CVE-2012-1833

Detailed vulnerability description

How to mitigate CVE-2012-1833

Sources

Please verify you're human