Description
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN03975805/index.html
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html
Broken Link x_refsource_confirm
https://developer.a-blogcms.jp/blog/patch/entry-2363.html
Scores
CVSS v3
6.5
EPSS
0.0128
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-284
Status
published
Products (1)
appleple/a-blog_cms
< 2.6.0.1
Published
Apr 12, 2017
Tracked Since
Feb 18, 2026