Vulnerability Description
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webgui | Plain Black Webgui | 0.9.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30782Vendor Advisory
- http://www.securityfocus.com/bid/29927
- http://www.vupen.com/english/advisories/2008/1932/references
- http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/
- http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43344
- http://secunia.com/advisories/30782Vendor Advisory
- http://www.securityfocus.com/bid/29927
- http://www.vupen.com/english/advisories/2008/1932/references
- http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/
- http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43344
FAQ
What is CVE-2008-3503?
CVE-2008-3503 is a vulnerability with a CVSS score of 5.0 (MEDIUM). RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
How severe is CVE-2008-3503?
CVE-2008-3503 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3503?
Check the references section above for vendor advisories and patch information. Affected products include: Webgui Plain Black Webgui.