Improper input validation in Montala Resourcespace

CVE-2011-4311

ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (39.1th percentile) — read the EPSS interpretation.

Affected products

Montala Resourcespace — versions 2.2.1240, 2.3.1374, 3.0.1490
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[oss-security] 20111114 Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
[oss-security] 20111113 CVE request: ResourceSpace before 4.2.2833 insufficient access check (mailing-list, x_refsource_MLIST)