CVE-2010-1136

{"id": "CVE-2010-1136", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-03-27T19:07:11.890", "references": [{"url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/62801", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38882", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196", "source": "cve@mitre.org"}, {"url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38608", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to \"persistent login,\" probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php."}, {"lang": "es", "value": "El m\u00e9todo Standard Remember en TikiWiki CMS/Groupware 3v.x anteriores a v3.5 permite a atacantes remotos saltarse las restriccines de acceso relativas a \"persistent login\", probablemente a trav\u00e9s de la generaci\u00f3n de cookies predecibles basadas en la direcci\u00f3n IP a el agente User sobre userslib.php."}], "lastModified": "2017-08-17T01:32:16.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "481CEC51-C828-4AB7-9745-824B5D529D40"}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD3F664D-C59E-4033-805B-BB3C85528091"}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "457AEABE-F6C1-459A-883E-4D4F0DD8D441"}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4401BA0E-5F63-405C-8C42-C2E1E4C45306"}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69930A94-2008-4259-B2BE-BD159B1FD6FC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}