Skip to main content

Subuser CVE-2012-4487

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2012-11-02 secalert@redhat.com
4.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 02, 2012 - 15:55 cve.org
MEDIUM 4.0

DescriptionCVE.org

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created.

AnalysisAI

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-264. The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. Affected products include: Boombatower Subuser. Version information: before 6..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2012-4487 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy