CVE-2015-7226

{"id": "CVE-2015-7226", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-17T16:59:05.087", "references": [{"url": "http://cgit.drupalcode.org/admin_views/commit/?id=44098bb", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/75697", "source": "cve@mitre.org"}, {"url": "https://www.drupal.org/node/2529366", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://www.drupal.org/node/2529378", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://cgit.drupalcode.org/admin_views/commit/?id=44098bb", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/75697", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.drupal.org/node/2529366", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.drupal.org/node/2529378", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler."}, {"lang": "es", "value": "Vulnerabilidad en el m\u00f3dulo Administration Views 7.x-1.x en versiones anteriores a 7.x-1.5 para Drupal, comprueba los permisos de acceso bas\u00e1ndose en la ruta del router desde view en lugar de la propiedad display, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores relacionados con el manejo de accesos."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:administration_views_project:administration_views:7.x-1.0:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "12E31109-601D-4962-998C-0AE06A4A2587"}, {"criteria": "cpe:2.3:a:administration_views_project:administration_views:7.x-1.0:rc1:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "D2375B7C-3AEE-44D5-B851-337259C60862"}, {"criteria": "cpe:2.3:a:administration_views_project:administration_views:7.x-1.1:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "0BB101A0-9F5E-4ACF-85F4-2FB747811469"}, {"criteria": "cpe:2.3:a:administration_views_project:administration_views:7.x-1.2:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "BE803C20-D397-445C-8932-E659ABAA1F8D"}, {"criteria": "cpe:2.3:a:administration_views_project:administration_views:7.x-1.3:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "4CD5FEA7-7DF5-490B-8BD4-66AE53D6C22E"}, {"criteria": "cpe:2.3:a:administration_views_project:administration_views:7.x-1.4:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "2842E1D2-DC11-4D59-85AA-BE0A7B631B00"}, {"criteria": "cpe:2.3:a:administration_views_project:administration_views:7.x-1.x:dev:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "C9613673-C043-46CA-BF5E-B37533834693"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}