CVE-2014-8327 - The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folder

CVE-2014-8327

Summary

The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:fal_sftp_project:fal_sftp:0.2.4:*:*:*:*:typo3:*:*
cpe:2.3:a:fal_sftp_project:fal_sftp:0.2.4:*:*:*:*:typo3:*:*
cpe:2.3:a:fal_sftp_project:fal_sftp:*:*:*:*:*:typo3:*:*
cpe:2.3:a:fal_sftp_project:fal_sftp:*:*:*:*:*:typo3:*:*

CVSS

Base:	4.0 (as of 08-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:N

refmap via4

confirm	http://typo3.org/extensions/repository/view/fal_sftp
misc	http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-014/
xf	falsftp-typo3-cve20148327-info-disc(97668)

Last major update

08-09-2017 - 01:29

Published

27-10-2014 - 15:55

Last modified

08-09-2017 - 01:29