CVE-2015-6926

Published: Jan 19, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.

Affected (3)

Products: Oxid Esales: Eshop

Oxid Esales

1 product

Eshop

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Oxid Esales Eshop	From 4.0.1.0 to 4.4.8
Oxid Esales Eshop	From 4.0.1.0 to 4.4.8
Oxid Esales Eshop	From 4.0.1.0 to 4.4.8

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://bugs.oxid-esales.com/view.php?id=6224

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://oxidforge.org/en/oxid-security-bulletin-2015-001.html

Source: cve@mitre.org

MitigationVendor Advisory

https://bugs.oxid-esales.com/view.php?id=6224

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://oxidforge.org/en/oxid-security-bulletin-2015-001.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.