Vulnerability Description
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ark-Web | A-Form | <= 1.3.5 |
| Ark-Web | A-Form Bamboo | 1.3.5 |
| Ark-Web | A-Form Pc | <= 3.0 |
| Ark-Web | A-Form Pc Mobile | <= 3.0 |
| Six Apart | Movable Type | All versions |
References
- http://jvn.jp/en/jp/JVN34980730/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2011-000078
- http://www.ark-web.jp/movabletype/a-form/docs/security_patch.html (Patch)
- http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.html (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70408
FAQ
What is CVE-2011-2676?
CVE-2011-2676 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote auth...
How severe is CVE-2011-2676?
CVE-2011-2676 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2676?
Check the references section above for vendor advisories and patch information. Affected products include: Ark-Web A-Form, Ark-Web A-Form Bamboo, Ark-Web A-Form Pc, Ark-Web A-Form Pc Mobile, Six Apart Movable Type.