{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://oxidforge.org/en/security-bulletin-2014-003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.oxid-esales.com/view.php?id=5814"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4919", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://oxidforge.org/en/security-bulletin-2014-003.html", "refsource": "CONFIRM", "url": "https://oxidforge.org/en/security-bulletin-2014-003.html"}, {"name": "https://bugs.oxid-esales.com/view.php?id=5814", "refsource": "CONFIRM", "url": "https://bugs.oxid-esales.com/view.php?id=5814"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:36.090Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://oxidforge.org/en/security-bulletin-2014-003.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.oxid-esales.com/view.php?id=5814"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4919", "datePublished": "2018-01-19T15:00:00", "dateReserved": "2014-07-11T00:00:00", "dateUpdated": "2024-08-06T11:34:36.090Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "matchCriteriaId": "AD794519-239E-4A85-A957-CBB0DF6FD8C0", "versionEndExcluding": "4.7.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "matchCriteriaId": "03ABA365-43FB-4512-9880-4C942D75DA3D", "versionEndExcluding": "4.8.7", "versionStartIncluding": "4.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F806583A-D025-4CE9-B85B-A2A6A8A94E04", "versionEndExcluding": "5.0.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C4D13B14-0841-43FC-BC95-CF2CB0805E17", "versionEndExcluding": "5.1.7", "versionStartIncluding": "5.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "matchCriteriaId": "AE598538-7146-41D3-A5D6-6214574B80D0", "versionEndExcluding": "4.7.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "matchCriteriaId": "808FE10F-60B9-471A-8B13-EE36B72DBF52", "versionEndExcluding": "4.8.7", "versionStartIncluding": "4.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups."}, {"lang": "es", "value": "OXID eShop Professional Edition en versiones anteriores a la 4.7.13 y versiones 4.8.x anteriores a la 4.8.7, Enterprise Edition en versiones anteriores a la 5.0.13 y las versiones 5.1.x anteriores a la 5.1.7 y Community Edition en versiones anteriores a la 4.7.13 y versiones 4.8.x anteriores a la 4.8.7 permiten que atacantes remotos asignen usuarios a grupos de usuarios din\u00e1micos arbitrarios."}], "id": "CVE-2014-4919", "lastModified": "2024-11-21T02:11:07.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-19T15:29:00.217", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.oxid-esales.com/view.php?id=5814"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://oxidforge.org/en/security-bulletin-2014-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.oxid-esales.com/view.php?id=5814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://oxidforge.org/en/security-bulletin-2014-003.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}