Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:evergreen-ils:evergreen:2.6.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-2204 |
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. Published: February 01, 2018; 12:29:01 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-7435 |
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. Published: February 01, 2018; 12:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |