CVE-2012-6563 : engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Published 2013-05-23 15:55:02

Updated 2017-08-29 01:32:58

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-6563

Probability of exploitation activity in the next 30 days: 0.43%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-6563

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-6563

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-6563

http://www.securityfocus.com/bid/53623

Elgg Cross Site Scripting and Multiple Security Bypass Vulnerabilities

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/75757

Elgg multiple security bypass CVE-2012-6563 Vulnerability Report

CVEs referencing this url
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released

The page is temporarily unavailable
Patch;Vendor Advisory

CVEs referencing this url
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip

Patch

CVEs referencing this url

Products affected by CVE-2012-6563

Elgg » Elgg
Versions up to, including, (<=) 1.8.4
cpe:2.3:a:elgg:elgg:*:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.6
cpe:2.3:a:elgg:elgg:1.7.6:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.17
cpe:2.3:a:elgg:elgg:1.7.17:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.16
cpe:2.3:a:elgg:elgg:1.7.16:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.9
cpe:2.3:a:elgg:elgg:1.7.9:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.8
cpe:2.3:a:elgg:elgg:1.7.8:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.0
cpe:2.3:a:elgg:elgg:1.7.0:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.8.0.1
cpe:2.3:a:elgg:elgg:1.8.0.1:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.18
cpe:2.3:a:elgg:elgg:1.7.18:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.11
cpe:2.3:a:elgg:elgg:1.7.11:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.10
cpe:2.3:a:elgg:elgg:1.7.10:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.3
cpe:2.3:a:elgg:elgg:1.7.3:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.2
cpe:2.3:a:elgg:elgg:1.7.2:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.1
cpe:2.3:a:elgg:elgg:1.7.1:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.8.3
cpe:2.3:a:elgg:elgg:1.8.3:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.8.1
cpe:2.3:a:elgg:elgg:1.8.1:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.13
cpe:2.3:a:elgg:elgg:1.7.13:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.12
cpe:2.3:a:elgg:elgg:1.7.12:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.5
cpe:2.3:a:elgg:elgg:1.7.5:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.4
cpe:2.3:a:elgg:elgg:1.7.4:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.15
cpe:2.3:a:elgg:elgg:1.7.15:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.14
cpe:2.3:a:elgg:elgg:1.7.14:*:*:*:*:*:*:*
Matching versions
Elgg » Elgg » Version: 1.7.7
cpe:2.3:a:elgg:elgg:1.7.7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-6563

Exploit prediction scoring system (EPSS) score for CVE-2012-6563

CVSS scores for CVE-2012-6563

CWE ids for CVE-2012-6563

References for CVE-2012-6563

Products affected by CVE-2012-6563