CVE-2015-10012

{"id": "CVE-2015-10012", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "cna@vuldb.com"}], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-03T09:15:09.707", "references": [{"url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8", "tags": ["Patch", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.217268", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.217268", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?ctiid.217268", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.217268", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en sumocoders FrameworkUserBundle hasta 1.3.x. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo Resources/views/Security/login.html.twig es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la exposici\u00f3n de informaci\u00f3n a trav\u00e9s de mensajes de error. La actualizaci\u00f3n a la versi\u00f3n 1.4.0 puede solucionar este problema. El nombre del parche es abe4993390ba9bd7821ab12678270556645f94c8. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-217268. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "lastModified": "2024-11-21T02:24:10.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sumocoders:frameworkuserbundle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23972C95-47CE-4B66-A7DB-2A7B0C6C90AE", "versionEndExcluding": "1.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}