製品・ソフトウェアに関する情報

JVN脆弱性詳細

eZ Publish 用 BC Collected Information Export エクステンションにおける認可・権限・アクセス制御に関する脆弱性

Title	eZ Publish 用 BC Collected Information Export エクステンションにおける認可・権限・アクセス制御に関する脆弱性
Summary	eZ Publish 用 Brookins Consulting (BC) Collected Information Export エクステンションには、認可・権限・アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 13, 2014, midnight
Registration Date	June 25, 2018, 4:54 p.m.
Last Update	June 25, 2018, 4:54 p.m.

Affected System

Brookins Consulting

Collected Information Export 1.1.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-2552	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2552
National Vulnerability Database (NVD)
2	CVE-2014-2552	https://nvd.nist.gov/vuln/detail/CVE-2014-2552

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
GitHub
1	Updated: Commented out role policy override settings for greater default security of cie information	https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f

Change Log

No	Changed Details	Date of change
1	[2018年06月25日] 掲載	June 25, 2018, 4:54 p.m.

NVD Vulnerability Information

CVE-2014-2552

Summary	Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
Publication Date	April 28, 2018, 1:29 a.m.
Registration Date	Jan. 26, 2021, 3:08 p.m.
Last Update	Nov. 21, 2024, 11:06 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:brookinsconsulting:collected_information_export:1.1.0:::::ez_publish::

Related information, measures and tools

No	URL	タグ
1	https://exchange.xforce.ibmcloud.com/vulnerabilities/92129	Third Party Advisory VDB Entry
2	https://exchange.xforce.ibmcloud.com/vulnerabilities/92129	Third Party Advisory VDB Entry
3	https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f	Patch Third Party Advisory
4	https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f	Patch Third Party Advisory
5	https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853	Third Party Advisory
6	https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html