CVE-2014-9026CVE-2014-9026

Affected configuration(s):

cpe:/a:ubercart:ubercart:7.x-3.0::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:alpha1:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:alpha2:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:alpha3:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:beta1:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:beta2:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:beta3:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:beta4:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:rc1:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:rc2:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:rc3:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.0:rc4:~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.1::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.2::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.3::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.4::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.5::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.6::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.7::~~~drupal~~
cpe:/a:ubercart:ubercart:7.x-3.x-dev::~~~drupal~~

Date published: 2014-11-20T12:50:15.660-05:00

Date last modified: 2014-11-20T21:43:26.583-05:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://www.drupal.org/node/2336109

Summary: The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the “view own orders” permission to obtain sensitive information via unspecified vectors.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.