CVE-2013-7435

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*
cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*
cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-01 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2013-7435

Mitre link : CVE-2013-7435

CVE.ORG link : CVE-2013-7435


JSON object : View

Products Affected

evergreen-ils

  • evergreen
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor