CVE-2009-2237 - OpenCVE

Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Karim Ratib	Views Bulk Operations
Drupal	Drupal

Configuration 1 [-]

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.0:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.1:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.2:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.3:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.0:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.1:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.2:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.3:::::::*
	cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.4:::::::*

References

Link	Resource
http://drupal.org/node/468450	Patch Vendor Advisory
http://secunia.com/advisories/35117	Vendor Advisory
http://www.securityfocus.com/bid/35051	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/50659

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-06-27T18:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-06-27T00:00:00

Link: CVE-2009-2237

JSON object: View

NVD Information

Status : Modified

Published: 2009-06-27T18:47:59.203

Modified: 2017-08-17T01:30:42.803

Link: CVE-2009-2237

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-20T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify \"nodes or classes of nodes\" via unknown vectors, probably related to registered procedures (aka actions)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/468450"}, {"name": "viewsbulk-unspecified-security-bypass(50659)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50659"}, {"name": "35051", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35051"}, {"name": "35117", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35117"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify \"nodes or classes of nodes\" via unknown vectors, probably related to registered procedures (aka actions)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/468450", "refsource": "CONFIRM", "url": "http://drupal.org/node/468450"}, {"name": "viewsbulk-unspecified-security-bypass(50659)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50659"}, {"name": "35051", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35051"}, {"name": "35117", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35117"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2237", "datePublished": "2009-06-27T18:00:00", "dateReserved": "2009-06-27T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2449F487-D201-4013-B0D4-3D83265E7F56", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "539260B1-1779-4020-9034-BF8E01D87652", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C8B77FCD-74E2-48E6-BEDD-702E7CAAF2FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:5.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "973F9818-ADD0-41C2-9F41-14346F3E5286", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B337BA-2904-4D32-BB31-4395FDE73E8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F4D6AED-090F-4883-8140-1EF244757D59", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B467064-1F6E-4571-92A6-6AAA599382DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDE0970F-3691-4344-ADEB-75F02B694522", "vulnerable": true}, {"criteria": "cpe:2.3:a:karim_ratib:views_bulk_operations:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "54E93443-9E9C-44D3-9B3F-70CAA28A9E23", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify \"nodes or classes of nodes\" via unknown vectors, probably related to registered procedures (aka actions)."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Views Bulk Operations 5.x-1.x antes de 5.x-1.4 y 6.x-1.x ante de 6.x-1.7, un modulo para Drupal, permite a atacantes remotos evitar las restricciones de acceso previstas y modificar \"nodos o clases de nodos\" mediante vectores desconocidos, probablemente relacionado con procedimientos registrados (alias acciones)."}], "id": "CVE-2009-2237", "lastModified": "2017-08-17T01:30:42.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-27T18:47:59.203", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/468450"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35117"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35051"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50659"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}