CVE-2013-4404

CWE-2645 documents5 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 55.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise MRG

Timeline

PublishedDec 23

Latest updateMay 13

Description

cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/enterprise_mrg2.4

🔴Vulnerability Details

GHSA

GHSA-445m-x6rq-hhpx: cumin in Red Hat Enterprise MRG Grid 2↗2022-05-13

▶

CVEList

CVE-2013-4404: cumin in Red Hat Enterprise MRG Grid 2↗2013-12-23

▶

📋Vendor Advisories

Red Hat

cumin: missing authorization checks in forms, charts, and csv export widgets↗2013-12-17

▶

💬Community

Bugzilla

CVE-2013-4404 cumin: missing authorization checks in forms, charts, and csv export widgets↗2013-08-08

▶