CVE-2014-9504

moderate-risk
Published 2018-02-01

The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (11)

Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium
Open Atrium

Affected Vendors

Open Atrium Project

References (8)

Issue Tracking http://www.openwall.com/lists/oss-security/2015/01/04/6
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/99657
Mitigation https://www.drupal.org/node/2394979
Patch https://www.drupal.org/node/2395045
Issue Tracking http://www.openwall.com/lists/oss-security/2015/01/04/6
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/99657
Mitigation https://www.drupal.org/node/2394979
Patch https://www.drupal.org/node/2395045
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 16/34 · Moderate