How severe is CVE-2017-7490?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2017-7490?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2017-7490

MEDIUM Year: 2017

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-668

View all →

Vulnerability Description

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

CVE-2016-11006

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

CWE-6682016

CVE-2016-11007

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

CWE-6682016

CVE-2016-11008

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

CWE-6682016

CVE-2016-11009

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

CWE-6682016

CVE-2016-11010

MEDIUM

CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

CWE-6682016

CVE-2016-5334

MEDIUM

CVSS:5.3(Medium)

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

CWE-6682016

CVE-2017-7490

Vulnerability Description

Related Vulnerabilities

CVE-2016-11006

CVE-2016-11007

CVE-2016-11008

CVE-2016-11009

CVE-2016-11010

CVE-2016-5334