jvndb-2024-000054
Vulnerability from jvndb
Published
2024-05-29 14:06
Modified
2024-05-29 14:06
Summary
EC-Orange vulnerable to authorization bypass
Details
EC-Orange, provided by S-cubism Inc., is an e-commerce website building system package based on the open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability (CWE-639). This is the same issue as JVN#51770585 (EC-CUBE vulnerable to authorization bypass). This vulnerability was reported in July 2015. Coordination with the developer was resumed in December 2023, and this JVN publication was agreed upon.
Impacted products
S-cubism Inc.: EC-Orange


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000054.html",
  "dc:date": "2024-05-29T14:06+09:00",
  "dcterms:issued": "2024-05-29T14:06+09:00",
  "dcterms:modified": "2024-05-29T14:06+09:00",
  "description": "EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE.\r\nEC-Orange contains an authorization bypass vulnerability (CWE-639).\r\nThis is the same issue as JVN#51770585 (EC-CUBE vulnerable to authorization bypass).\r\n\r\nThis vulnerability was reported on July 2015.\r\nThe coordination with the developer was resumed on December 2023, and this JVN publication was agreed upon.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000054.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:scubism_ec-orange",
    "@product": "EC-Orange",
    "@vendor": "S-cubism Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000054",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN15637138/index.html",
      "@id": "JVN#15637138",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/jp/JVN51770585/index.html",
      "@id": "JVN#51770585",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0808",
      "@id": "CVE-2014-0808",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-0808",
      "@id": "CVE-2014-0808",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "EC-Orange vulnerable to authorization bypass"
}

