CVE-2017-11365

CRITICAL

Sensiolabs Symfony < 2.7.32 - Improper Access Control

Title source: rule

Description

Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.

References (2)

Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/symfony/symfony/pull/23507

Scores

CVSS v3 9.8
EPSS 0.0036
EPSS Percentile 57.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (7)
sensiolabs/symfony 2.7.30
sensiolabs/symfony 2.8.23
sensiolabs/symfony 3.2.10
sensiolabs/symfony 3.3.3
symfony/security 2.7.30 - 2.7.32 (Packagist)
symfony/security-core 2.7.30 - 2.7.32 (Packagist)
symfony/symfony 2.7.30 - 2.7.32 (Packagist)
Published May 23, 2019
Tracked Since Feb 18, 2026