CVE-2016-9449
drupal7 - security update
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.21%
Description
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
How to fix CVE-2016-9449
To remediate CVE-2016-9449, upgrade the affected package to a fixed version below.
- Debian/drupal7—upgrade to 7.14-2+deb7u15 or later
- —upgrade to 7.32-1+deb8u8 or later
- —upgrade to 7.52 or later
- —upgrade to 8.2.3 or later
Is CVE-2016-9449 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 7.14-2+deb7u15
- from 0, < 7.32-1+deb8u8
- >= 7.0, < 7.52
- >= 8.0, < 8.2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |