CVE-2012-4500

Low CVSS 3.5

Overview

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.

CWE: CWE-264 Published: 2012-10-31T16:55:03.640

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.5 (LOW)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags