CVE-2012-2296

Name of the Vulnerable Software and Affected Versions Janrain Engage module for Drupal versions 6.x-1.x, 6.x-2.x before 6.x-2.2, 7.x-2.x before 7.x-2.2

Description The issue allows remote attackers to potentially obtain sensitive information by leveraging a separate vulnerability, as the Janrain Engage module stores user profile data from Engage in session tables.

Recommendations For versions 6.x-1.x, update to a version with the necessary security fixes. For versions 6.x-2.x before 6.x-2.2, update to version 6.x-2.2 or later. For versions 7.x-2.x before 7.x-2.2, update to version 7.x-2.2 or later.