CVE-2012-3527

{"id": "CVE-2012-3527", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-09-05T23:55:01.880", "references": [{"url": "http://osvdb.org/84773", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/50287", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2537", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\""}, {"lang": "es", "value": "view_help.php en el sistema de ayuda backend de TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a usuarios remotos autenticados tomar una variable de objetos arbitrarios y posiblemente ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un par\u00e1metro no especifico, en relaci\u00f3n con una \"missing signature (HMAC).\""}], "lastModified": "2024-01-21T02:47:51.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22CA92CF-92AF-4EFE-A391-0EAFB2F0FD4C", "versionEndExcluding": "4.5.19", "versionStartIncluding": "4.5.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "023FE42D-3819-4759-8EAF-C94DEAA6BC0B", "versionEndExcluding": "4.6.12", "versionStartIncluding": "4.6.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ED1BE21-919F-4F2C-A405-1493E905DB25", "versionEndExcluding": "4.7.4", "versionStartIncluding": "4.7.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}