CVE-2012-4021

Published Nov 8, 2012

Last updated 12 years ago

Overview

Description: MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mosp:kintai_kanri:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83EE0C90-5D5E-42E3-B32B-D122C427F1EF",
            "versionEndIncluding": "4.0.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References