CVE-2012-1833 — MEDIUM (5.0)

Q: How severe is CVE-2012-1833?

CVE-2012-1833 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-1833?

Check the references section above for vendor advisories and patch information. Affected products include: Springsource Grails.

Vulnerability Description

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Springsource	Grails	<= 1.3.7

Related Weaknesses (CWE)

CWE-264

References

http://secunia.com/advisories/51113
http://support.springsource.com/security/cve-2012-1833ExploitPatchVendor Advisory
http://www.securityfocus.com/bid/55763
http://secunia.com/advisories/51113
http://support.springsource.com/security/cve-2012-1833ExploitPatchVendor Advisory
http://www.securityfocus.com/bid/55763

FAQ

What is CVE-2012-1833?

CVE-2012-1833 is a vulnerability with a CVSS score of 5.0 (MEDIUM). VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary o...

How severe is CVE-2012-1833?

CVE-2012-1833 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1833?

Check the references section above for vendor advisories and patch information. Affected products include: Springsource Grails.