Vulnerability Details : CVE-2010-4215
UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.
Exploit prediction scoring system (EPSS) score for CVE-2010-4215
Probability of exploitation activity in the next 30 days: 0.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4215
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2010-4215
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4215
-
http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk
Page not found - SourceForge.net
-
http://foswiki.org/Support/SecurityAlertCVE20104215
SecurityAlertCVE20104215 < Support < FoswikiPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/44858
Foswiki Topic Settings Remote Privilege Escalation Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/63253
Foswiki Manage.pm privilege escalation CVE-2010-4215 Vulnerability Report
Products affected by CVE-2010-4215
- cpe:2.3:a:foswiki:foswiki:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:foswiki:foswiki:1.1.1:*:*:*:*:*:*:*