CVE-2014-9502

moderate-risk
Published 2018-02-01

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (11)

Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium

Affected Vendors

Open Atrium Project

References (8)

Issue Tracking http://www.openwall.com/lists/oss-security/2015/01/04/6
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
Mitigation https://www.drupal.org/node/2394979
Patch https://www.drupal.org/node/2395045
Issue Tracking http://www.openwall.com/lists/oss-security/2015/01/04/6
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/99655
Mitigation https://www.drupal.org/node/2394979
Patch https://www.drupal.org/node/2395045
46
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 0/34 · Minimal
Exposure 16/34 · Moderate