2014-01-24 19:55:05 2014-02-21 06:06:38

The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE
Cisco WebEx Advanced Recording Format (ARF) Player T28 Cisco WebEx 4.1 for Apple iPhone OS (iOS) Cisco WebEx Advanced Recording Format (ARF) Player 28.0.0 Cisco WebEx Advanced Recording Format (ARF) Player 27.32.1 Cisco Webex Meeting Center For Firefox Or Chrome 8.29.3000 Cisco WebEx Advanced Recording Format (ARF) Player 27.25.10 Cisco WebEx Advanced Recording Format (ARF) Player 27.21.10 Cisco WebEx Advanced Recording Format (ARF) Player 27.11.26 Cisco Web Security Virtual Appliance 7.1.0 Cisco Web Security Virtual Appliance 7.1.2 Cisco Web Security Virtual Appliance 7.1.1 Cisco Web Security Virtual Appliance 7.7.5 Cisco Web Security Virtual Appliance 8.5.0 Cisco Web Security Virtual Appliance 8.0.5 Cisco Web Security Virtual Appliance 7.1.4 Cisco Web Security Virtual Appliance 7.1.3 Cisco Web Security Virtual Appliance 7.7 Cisco Web Security Virtual Appliance 7.5.1 Cisco Web Security Virtual Appliance 7.5.0 Drupal Drupal 7.21 (not an official CPE) Drupal Drupal 7.20 (not an official CPE) Drupal Drupal 7.23 (not an official CPE) Drupal Drupal 7.22 (not an official CPE) Drupal Drupal 7.24 (not an official CPE) Cisco Web Security Appliance 9.0.0-193 Cisco WebEx Advanced Recording Format (ARF) Player T27LD Cisco WebEx Meeting Center Cisco Web Security Virtual Appliance 8.7.0 Cisco WebEx Advanced Recording Format (ARF) Player T29 Cisco WebEx 11.0 Cisco Web Security Virtual Appliance 8.5.1 Cisco Webex Meeting Center For Firefox Or Chrome 8.23.2504 Cisco Web Security Virtual Appliance 8.6.0