#VU36800 Improper Privilege Management in Subrion CMS - CVE-2018-14836 

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU36800

#VU36800 Improper Privilege Management in Subrion CMS - CVE-2018-14836

Published: August 2, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36800
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-14836
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Subrion CMS
Software vendor:
Intelliants

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.


Remediation

Install update from vendor's website.

External links