MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
References
Configurations
History
21 Nov 2024, 00:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/33497 - | |
References | () http://secunia.com/advisories/24364 - Vendor Advisory | |
References | () http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4 - | |
References | () http://www.securityfocus.com/bid/22785 - | |
References | () http://www.vupen.com/english/advisories/2007/0814 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/32775 - |
Information
Published : 2007-03-03 20:19
Updated : 2024-11-21 00:27
NVD link : CVE-2007-1249
Mitre link : CVE-2007-1249
CVE.ORG link : CVE-2007-1249
JSON object : View
Products Affected
contelligent
- c1_financial_services
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')