Vulnerabilities > Evergreen ILS

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-01	CVE-2015-2204	Information Exposure vulnerability in Evergreen-Ils Evergreen Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. network low complexity evergreen-ils CWE-200	7.5
2018-02-01	CVE-2015-2203	Information Exposure vulnerability in Evergreen-Ils Evergreen 2.5.9/2.6.7/2.7.4 Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. network low complexity evergreen-ils CWE-200	6.5
2018-02-01	CVE-2013-7435	Information Exposure vulnerability in Evergreen-Ils Evergreen The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. network low complexity evergreen-ils CWE-200	6.5

Vulnerabilities > Evergreen ILS {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Evergreen ILS"}]}