Main Vulnerability Database Vulnerabilities #VU43455

#VU43455 Permissions, Privileges, and Access Controls in Grails - CVE-2012-1833

Published: September 29, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43455

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-1833

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Grails

Software vendor:
Grails

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.

Remediation

Install update from vendor's website.

External links

http://secunia.com/advisories/51113
http://support.springsource.com/security/cve-2012-1833
http://www.securityfocus.com/bid/55763

#VU43455 Permissions, Privileges, and Access Controls in Grails - CVE-2012-1833

Description

Remediation

External links

Please verify you're human