CVE-2012-3473

{"id": "CVE-2012-3473", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-12T21:55:01.590", "references": [{"url": "http://openwall.com/lists/oss-security/2012/08/09/5", "source": "secalert@redhat.com"}, {"url": "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions."}, {"lang": "es", "value": "El (1) Informe de la API y (2) la caracter\u00edstica de administraci\u00f3n de la API de comentarios en la plataforma de Ushahidi anterior a v2.5, no requieren de autenticaci\u00f3n, lo que permite a atacantes remotos generar informes y organizar los comentarios a trav\u00e9s de funciones de la API."}], "lastModified": "2012-08-13T17:54:29.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "984B26E4-C672-46DF-B26B-8CAAEDBDFEB0", "versionEndIncluding": "2.4.1"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86468BDD-17C2-49CC-A488-F38CC8630979"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8EBC5A6-4FB0-4385-8299-5D6298977534"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "826225E4-F4F8-4FB6-AFAF-23CD6720CE5E"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6754F1ED-E827-433C-8F50-71F04293EEB1"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B1BC250-09BC-4051-ABEE-8B8FE1558279"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D260CD2-5483-48D2-87B9-C0298F5F2B23"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "489F7397-CF33-42C5-AF46-956D5692C6D1"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1C84D59-409A-4E73-A65A-8B12594B61DF"}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A004E65-AFA7-4551-BA2B-8EF9450B0684"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}