CVE-2013-4609
Published Jun 17, 2013
Last updated 3 years ago
Overview
- Description
- REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58C92B2E-A9AF-43B4-B1E4-7A873AF1DEAD"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA4E7E65-1147-4620-B31F-617D34822E9E"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00CED35E-7640-44D4-B5A4-EED2D0163C79"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61C3C73D-1818-4DB7-A806-FC999EADE7E6"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8347F389-9331-4689-B52A-87ABFFF02141"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B739D2A5-46DF-4CE8-9BAB-6BB94743D21D"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7969B764-47A6-4AC7-B18E-236FF25C6552"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26E48768-FDF1-4A54-8F0E-EC4732B55D66"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F62B324D-6F70-41B8-B3AC-CDA6D4C3AB25"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7712A887-BB81-4FAE-9B76-FB9886BE41D5"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "817D8D01-B8E1-4F86-9ACE-0CAF87DA13A2"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA90F46D-9A07-47ED-9A61-C82CBF823D55"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BDCFE16-45B4-4ADA-AD2D-CBD7706A0C23"
},
{
"criteria": "cpe:2.3:a:project-redcap:redcap:5.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A84CE53C-EFC2-4DAA-B3A5-E165F9AE56FE"
},
{
"criteria": "cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97C5D09-EDA5-4FDC-B93B-65A7BBE87395",
"versionEndIncluding": "5.0.3"
},
{
"criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D293B038-228E-42B6-BC99-9BDFCD8D562C"
},
{
"criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "789C86D0-A11F-4C40-950A-5A617AD7C23A"
},
{
"criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C366E672-CD77-4932-80D2-09A61B3B1A8E"
},
{
"criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7055FD2-C107-4D23-8B8C-28607C0C0ADA"
},
{
"criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3242EC5F-0091-4097-9C6E-ADE5100017AF"
}
],
"operator": "OR"
}
]
}
]