← volver
CVE-2012-2296

CVE-2012-2296

EPSS 1.6%
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://drupal.org/node/1515114http://drupal.org/node/1515120http://drupal.org/node/1515282https://exchange.xforce.ibmcloud.com/vulnerabilities/74616http://www.openwall.com/lists/oss-security/2012/04/10/12http://www.openwall.com/lists/oss-security/2012/05/03/1http://www.openwall.com/lists/oss-security/2012/05/03/2