PT-2018-4170 · Drupal · Entity Api

Published

2018-04-10

·

Updated

2018-05-18

·

CVE-2014-1400

CVSS v2.0

4.0

Medium

VectorAV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Entity API module versions 7.x-1.x through 7.x-1.2
Description The issue allows remote authenticated users to bypass intended access restrictions and read unpublished comments.
Recommendations For Entity API module versions 7.x-1.x through 7.x-1.2, update to version 7.x-1.3 or later to resolve the issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2014-1400

Affected Products

Entity Api