CVE-2015-5515

Name of the Vulnerable Software and Affected Versions Views Bulk Operations (VBO) module versions 6.x-1.x and 7.x-3.x before 7.x-3.3

Description The issue allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled, when the bulk operation for changing Roles is enabled.

Recommendations For versions 6.x-1.x, update to a version that includes the necessary security fixes. For versions 7.x-3.x before 7.x-3.3, update to version 7.x-3.3 or later to resolve the issue.