Privilege Escalation in OpenKM Product by OpenKM
CVE-2012-2315

Currently unrated

Key Information:

Vendor

Openkm

Status
Openkm
Vendor
CVE Published:
9 September 2012

What is CVE-2012-2315?

OpenKM versions prior to 5.1.8-2 contain a security flaw in the admin/Auth functionality that does not adequately enforce user role privileges. This weakness allows remote authenticated users to exploit the userEdit action, granting themselves or others unauthorized administrator privileges. Such privilege escalation could lead to further exploitation of the system, compromising security and access controls.

References

http://www.openwall.com/lists/oss-security/2012/03/23/6
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/05/04/2
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/51250
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.