Vulnerability Description
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Storage Api Project | Storage Api | 7.x-1.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/74867
- https://www.drupal.org/node/2495895Patch
- https://www.drupal.org/node/2495903PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/74867
- https://www.drupal.org/node/2495895Patch
- https://www.drupal.org/node/2495903PatchVendor Advisory
FAQ
What is CVE-2015-5502?
CVE-2015-5502 is a vulnerability with a CVSS score of 7.5 (HIGH). The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecif...
How severe is CVE-2015-5502?
CVE-2015-5502 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5502?
Check the references section above for vendor advisories and patch information. Affected products include: Storage Api Project Storage Api.