CVE-2014-9026

Published Nov 20, 2014

Last updated 10 years ago

CVSS info 4.0

Overview

Description: The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D29EEA52-96A0-44C1-9071-B6EC9E6F8188"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "419FF425-63BD-49D1-84A3-8D0C1CDA751F"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "293C5C01-8107-4BD7-AD51-F5C15FE0F66A"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF9D8CEC-352B-4656-BBCF-03D5B2FFF8B2"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7499E4CD-6983-46DE-AA79-90F444209EDF"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D20B8F86-B193-49B8-8E72-64D14E68044F"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "758AA6A4-7824-4C6B-A278-618772EBAE09"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "820CAF34-D490-4C2D-B461-9D10F2F52A46"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F16BEE5-8477-4D59-B4EB-34DD5EB1D422"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13602E33-A429-41C0-8CDA-C8C4EA3B6312"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1CEE3CD-B16B-4DE4-8788-E7AA63700A99"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC73007D-B606-4F00-9C81-ACDC5480B87B"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5053FE19-96CB-4326-9DF9-CBC964A2CF84"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC4CE436-D86F-42B7-8050-278D7FB3CA46"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F162A40-ED3B-4188-B571-DCFE4E74DAA9"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E16BE816-EE47-478D-96C5-7010C6245DC0"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72DFE9B2-0A8A-4AEE-BD90-22097C8A396F"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.6:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38067B2B-634D-4C96-90CB-1A1E6A93F09F"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.7:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DBB449B-2436-4231-91B2-C8648A3FEDA2"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.x-dev:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FD6E5A5-303F-420E-8AF1-0B5BE8A4DCD0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References