CVE-2016-6212

MEDIUM

Drupal <7.3.14, <8.1.3 - Auth Bypass

Title source: llm

Description

The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.

References (5)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/07/13/4

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/07/13/7

[Vendor Advisory] https://www.drupal.org/SA-CORE-2016-002

[Vendor Advisory] https://www.drupal.org/node/2749333

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91230

Scores

CVSS v3 5.3

EPSS 0.0054

EPSS Percentile 67.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (50)

drupal/drupal

... and 35 more

Timeline

Published Sep 09, 2016

Tracked Since Feb 18, 2026