CVE-2017-1000003

{"id": "CVE-2017-1000003", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-07-17T13:18:16.000", "references": [{"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.atutor.ca/atutor/mantis/view.php?id=5681", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99599", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation."}, {"lang": "es", "value": "ATutor en sus versiones 2.2.1 y anteriores es vulnerable a una verificaci\u00f3n de control de acceso incorrecta en el componente Social Application, lo que da como resultado un escalado de privilegios. ATutor en sus versiones 2.2.1 y anteriores es vulnerable a una verificaci\u00f3n de control de acceso incorrecta en el componente Module, lo que da como resultado un escalado de privilegios. ATutor en sus versiones 2.2.1 y anteriores es vulnerable a una verificaci\u00f3n de control de acceso incorrecta en el componente Alternative Content, lo que da como resultado un escalado de privilegios."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477E8516-CADE-4D79-85C3-E64736C03CA7", "versionEndIncluding": "2.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}