Vulnerability Details : CVE-2014-8327
The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-8327
Probability of exploitation activity in the next 30 days: 0.12%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 45 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-8327
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
References for CVE-2014-8327
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/97668
fal_sftp extension for TYPO3 information disclosure CVE-2014-8327 Vulnerability Report
-
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/
Improper Access Control vulnerability in extension fal_sftp (fal_sftp)Vendor Advisory
-
http://typo3.org/extensions/repository/view/fal_sftp
fal_sftp (fal_sftp)Patch
Products affected by CVE-2014-8327
- cpe:2.3:a:fal_sftp_project:fal_sftp:*:*:*:*:*:typo3:*:*
- cpe:2.3:a:fal_sftp_project:fal_sftp:0.2.4:*:*:*:*:typo3:*:*