ID

VAR-201202-0272


CVE

CVE-2012-1085


TITLE

Vulnerability in the BE User Switch extension for TYPO3 that allows sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-001467

DESCRIPTION

Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. BE User Switch 0.0.1 is vulnerable; other versions may be affected. TYPO3, one of the leading brands of open source Content Management Systems (CMS) and Content Management Frameworks (CMF) based on PHP and MySQL databases, is a powerful open source solution

Trust: 1.98

sources: NVD: CVE-2012-1085 // JVNDB: JVNDB-2012-001467 // BID: 51852 // VULHUB: VHN-54366

AFFECTED PRODUCTS

vendor: typo3, model: beuserswitch, scope: eq, version: 0.0.1

Trust: 1.6

vendor: be user switch, model: be user switch, scope: eq, version: 0.0.1

Trust: 0.8

vendor: typo3, model: be user switch, scope: eq, version: 0.0.1

Trust: 0.3

sources: BID: 51852 // JVNDB: JVNDB-2012-001467 // CNNVD: CNNVD-201202-265 // NVD: CVE-2012-1085

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-1085
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1085
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-265
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54366
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-1085
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54366
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54366 // JVNDB: JVNDB-2012-001467 // CNNVD: CNNVD-201202-265 // NVD: CVE-2012-1085

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-1085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-265

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201202-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001467

PATCH

title: TYPO3-EXT-SA-2012-001, url: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/

Trust: 0.8

sources: JVNDB: JVNDB-2012-001467

EXTERNAL IDS

db: NVD, id: CVE-2012-1085

Trust: 2.5

db: BID, id: 51852

Trust: 2.0

db: OSVDB, id: 78799

Trust: 1.7

db: JVNDB, id: JVNDB-2012-001467

Trust: 0.8

db: CNNVD, id: CNNVD-201202-265

Trust: 0.7

db: VULHUB, id: VHN-54366

Trust: 0.1

sources: VULHUB: VHN-54366 // BID: 51852 // JVNDB: JVNDB-2012-001467 // CNNVD: CNNVD-201202-265 // NVD: CVE-2012-1085

REFERENCES

url: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/

Trust: 2.0

url: http://www.securityfocus.com/bid/51852

Trust: 1.7

url: http://osvdb.org/78799

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/72973

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1085

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1085

Trust: 0.8

url: http://typo3.com/

Trust: 0.3

sources: VULHUB: VHN-54366 // BID: 51852 // JVNDB: JVNDB-2012-001467 // CNNVD: CNNVD-201202-265 // NVD: CVE-2012-1085

CREDITS

Helmut Hummel

Trust: 0.3

sources: BID: 51852

SOURCES

db: VULHUB, id: VHN-54366
db: BID, id: 51852
db: JVNDB, id: JVNDB-2012-001467
db: CNNVD, id: CNNVD-201202-265
db: NVD, id: CVE-2012-1085

LAST UPDATE DATE

2024-11-23T21:56:01.695000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-54366, date: 2017-08-29T00:00:00
db: BID, id: 51852, date: 2012-02-02T00:00:00
db: JVNDB, id: JVNDB-2012-001467, date: 2012-02-17T00:00:00
db: CNNVD, id: CNNVD-201202-265, date: 2012-02-15T00:00:00
db: NVD, id: CVE-2012-1085, date: 2024-11-21T01:36:22.893

SOURCES RELEASE DATE

db: VULHUB, id: VHN-54366, date: 2012-02-14T00:00:00
db: BID, id: 51852, date: 2012-02-02T00:00:00
db: JVNDB, id: JVNDB-2012-001467, date: 2012-02-17T00:00:00
db: CNNVD, id: CNNVD-201202-265, date: 2012-02-15T00:00:00
db: NVD, id: CVE-2012-1085, date: 2012-02-14T17:55:03.540