CVE-2013-7435 — MEDIUM (6.5)

Q: How severe is CVE-2013-7435?

CVE-2013-7435 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-7435?

Check the references section above for vendor advisories and patch information. Affected products include: Evergreen-Ils Evergreen.

Vulnerability Description

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Evergreen-Ils	Evergreen	< 2.5.9

Related Weaknesses (CWE)

CWE-200

References

http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9Issue TrackingRelease Notes
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7Issue TrackingRelease Notes
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4Issue TrackingRelease Notes
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/Issue TrackingRelease Notes
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65
http://www.openwall.com/lists/oss-security/2015/03/04/3Issue TrackingMailing ListThird Party Advisory
https://bugs.launchpad.net/evergreen/+bug/1206589Issue TrackingPatch
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9Issue TrackingRelease Notes
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7Issue TrackingRelease Notes
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4Issue TrackingRelease Notes
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/Issue TrackingRelease Notes
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65
http://www.openwall.com/lists/oss-security/2015/03/04/3Issue TrackingMailing ListThird Party Advisory
https://bugs.launchpad.net/evergreen/+bug/1206589Issue TrackingPatch

FAQ

What is CVE-2013-7435?

CVE-2013-7435 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user pe...

How severe is CVE-2013-7435?

CVE-2013-7435 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-7435?

Check the references section above for vendor advisories and patch information. Affected products include: Evergreen-Ils Evergreen.