Description
A missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User Interaction: None
- Confidentiality (Vulnerable System): None
- Integrity (Vulnerable System): Low
- Availability (Vulnerable System): None
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
CVSS 3.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: None
Affected products
- Six Apart Ltd. / Movable Type – 9.1.1 and earlier
- Six Apart Ltd. / Movable Type – 9.0.7 and earlier
- Six Apart Ltd. / Movable Type – 8.8.3 and earlier
- Six Apart Ltd. / Movable Type – 8.0.10 and earlier
- Six Apart Ltd. / Movable Type Advanced – 9.1.1 and earlier
- Six Apart Ltd. / Movable Type Advanced – 9.0.7 and earlier
- Six Apart Ltd. / Movable Type Advanced – 8.8.3 and earlier
- Six Apart Ltd. / Movable Type Advanced – 8.0.10 and earlier
- Six Apart Ltd. / Movable Type Premium – 9.1.1 and earlier
- Six Apart Ltd. / Movable Type Premium – 9.0.7 and earlier
- Six Apart Ltd. / Movable Type Premium – 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)
- Six Apart Ltd. / Movable Type Premium (Advanced Edition) – 9.1.1 and earlier
- Six Apart Ltd. / Movable Type Premium (Advanced Edition) – 9.0.7 and earlier
- Six Apart Ltd. / Movable Type Premium (Advanced Edition) – 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)