CVE-2015-5502
Low
CVSS Score
Vulnerability Description
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
Known Affected Software
8 configuration(s) from 1 vendor(s)
- storage_api, Version: 7.x-1.1, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.1:*:*:*:*:drupal:*:*
- storage_api, Version: 7.x-1.5, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.5:*:*:*:*:drupal:*:*
- storage_api, Version: 7.x-1.3, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.3:*:*:*:*:drupal:*:*
- storage_api, Version: 7.x-1.7, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.7:*:*:*:*:drupal:*:*
- storage_api, Version: 7.x-1.4, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.4:*:*:*:*:drupal:*:*
- storage_api, Version: 7.x-1.0, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.0:*:*:*:*:drupal:*:*
- storage_api, Version: 7.x-1.2, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.2:*:*:*:*:drupal:*:*
- storage_api, Version: 7.x-1.6, CPE: cpe:2.3:a:storage_api_project:storage_api:7.x-1.6:*:*:*:*:drupal:*:*
This vulnerability affects 8 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://www.openwall.com/lists/oss-security/2015/07/04/4 (sources: cve@mitre.org, af854a3a-2127-422b-91ae-364da2661108)
- http://www.securityfocus.com/bid/74867 (sources: cve@mitre.org, af854a3a-2127-422b-91ae-364da2661108)
- https://www.drupal.org/node/2495895 (Patch; sources: cve@mitre.org, af854a3a-2127-422b-91ae-364da2661108)
- https://www.drupal.org/node/2495903 (Patch, Vendor Advisory; sources: cve@mitre.org, af854a3a-2127-422b-91ae-364da2661108)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-284
Improper Access Control
- Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- Typical Severity: Medium
- Abstraction Level: Pillar
Key Information
- Published Date: August 18, 2015
