Access bypass in Drupal - #VU547
Published: September 20, 2016
Vulnerability identifier: #VU547
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to access potentially sensitive information and functionality with no permission.
The weakness exists due to access control error that allows a malicious user to obtain data or pages not allowed to view or read.
Successful exploitation of the vulnerability may lead to user's possibility to look over the data and perform unallowed activity.
The weakness exists due to access control error that allows a malicious user to obtain data or pages not allowed to view or read.
Successful exploitation of the vulnerability may lead to user's possibility to look over the data and perform unallowed activity.