We found results for “”
WS-2017-3804
Good to know:
Date: March 14, 2017
In Sakai, versions 11.0 through 11.4 are vulnerable to improper authorization. An attacker with “lessons update” permission could edit any page and subpage, including of other users.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Improper Authorization
CWE-285Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | LOW |