Vulnerabilities > Evergreen ILS > Evergreen > 2.7.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-01 | CVE-2015-2203 | Information Exposure vulnerability in Evergreen-Ils Evergreen 2.5.9/2.6.7/2.7.4 Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. | 6.5 |