Vulnerability Description
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. Affected LedgerSMB versions are those before 1.3.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ledgersmb | Ledgersmb | < 1.3.0 |
| Sql-Ledger | Sql-Ledger | - |
References
- http://osvdb.org/38217 (Broken Link)
- http://osvdb.org/38218 (Broken Link)
- http://securityreason.com/securityalert/2552 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/464880/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/23352 (Broken Link, Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 (Third Party Advisory, VDB Entry)
- https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog (Release Notes)
FAQ
What is CVE-2007-1923?
CVE-2007-1923 is a vulnerability with a CVSS score of 7.5 (HIGH). (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct r...
How severe is CVE-2007-1923?
CVE-2007-1923 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1923?
Check the references section above for vendor advisories and patch information. Affected products include: Ledgersmb Ledgersmb, Sql-Ledger Sql-Ledger.