PT-2018-4168 · Drupal · Entity Api
Published
2018-04-10
·
Updated
2018-05-18
·
CVE-2014-1398
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Entity API module versions 7.x-1.x before 7.x-1.3
Description
The issue concerns the entity wrapper access API in the Entity API module for Drupal, which might allow remote authenticated users to bypass intended access restrictions on certain properties, including comment, user, and node statistics, via unspecified vectors.
Recommendations
For Entity API module versions 7.x-1.x before 7.x-1.3, update to version 7.x-1.3 or later to resolve the issue.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Entity Api