CVE-2014-5032 - Permissions, Privileges, and Access Control vulnerability in Glpi-Project Glpi 0.84.6

Summary

GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.

Classification

CWE-264 - Permissions, Privileges, and Access Control

Risk level (CVSS 5.0)

Medium

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Related CVE