CVE-2014-6290

Published Oct 3, 2014

Last updated 3 months ago

CVSS info 7.5

Overview

Description: The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:news_project:news:*:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD35C9C0-1310-472F-AA81-3F897FE79FBB",
            "versionEndIncluding": "3.5.1"
          },
          {
            "criteria": "cpe:2.3:a:news_project:news:3.0.0:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8ECC153-644D-4C91-A8B1-2B88D0507C27"
          },
          {
            "criteria": "cpe:2.3:a:news_project:news:3.0.1:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4E38FF2-B282-4D81-957E-B9DB478383DE"
          },
          {
            "criteria": "cpe:2.3:a:news_project:news:3.1.0:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F017D15C-C54D-42FA-B4B3-B115D5BB4234"
          },
          {
            "criteria": "cpe:2.3:a:news_project:news:3.2.0:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FC22995-B7B9-4573-A144-CAFB02E1986E"
          },
          {
            "criteria": "cpe:2.3:a:news_project:news:3.2.1:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C2D72DE-8371-4059-ABE1-3EE7E57C4E78"
          },
          {
            "criteria": "cpe:2.3:a:news_project:news:3.4.0:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD950372-FFD0-4071-A14A-7CF560C6E40B"
          },
          {
            "criteria": "cpe:2.3:a:news_project:news:3.5.0:*:*:*:*:typo3:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AAB740B-E897-4396-B030-46E9CD17A3F4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References