Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)

Description

The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.

Remediation

References

CVE-2016-6212

Related Vulnerabilities

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3512)

WordPress Plugin Safe Editor Unspecified Vulnerability (1.1)

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-2111)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14510)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5406)

Severity

Medium

Classification

CVE-2016-6212 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N