CVE-2011-4904

MEDIUM6.5EPSS 0.24%

Typo3 Improper Access Control

Published: 4/22/2022Modified: 1/12/2024

Description

TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.

Affected packages (1)

Packagist/typo3/cmsfrom 0, < 4.4.9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-4904
PATCHhttps://github.com/TYPO3/typo3
WEBhttps://security-tracker.debian.org/tracker/CVE-2011-4904
WEBhttps://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control