{"containers":{"cna":{"affected":[{"vendor":"EC-CUBE CO.,LTD.","product":"EC-CUBE","versions":[{"version":"2.11.0 through 2.12.2","status":"affected"}]},{"vendor":"S‑cubism Inc.","product":"EC-Orange","versions":[{"version":"systems deployed before June 29th","status":"affected"},{"version":"2015","status":"affected"}]}],"descriptions":[{"lang":"en","value":"Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request."}],"problemTypes":[{"descriptions":[{"description":"Authorization Bypass Through User-Controlled Key","lang":"en","type":"text"}]}],"references":[{"url":"http://www.ec-cube.net/info/weakness/weakness.php?id=57"},{"url":"http://jvn.jp/en/jp/JVN51770585/"},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006"},{"url":"https://ec-orange.jp/"},{"url":"https://jvn.jp/en/jp/JVN15637138/"},{"url":"https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054"}],"providerMetadata":{"orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert","dateUpdated":"2024-06-11T05:17:08.940Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-566","lang":"en","description":"CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.1,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-06-11T14:04:20.266694Z","id":"CVE-2014-0808","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-11T14:07:16.517Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T09:27:20.153Z"},"title":"CVE Program Container","references":[{"url":"http://www.ec-cube.net/info/weakness/weakness.php?id=57","tags":["x_transferred"]},{"url":"http://jvn.jp/en/jp/JVN51770585/","tags":["x_transferred"]},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006","tags":["x_transferred"]},{"url":"https://ec-orange.jp/","tags":["x_transferred"]},{"url":"https://jvn.jp/en/jp/JVN15637138/","tags":["x_transferred"]},{"url":"https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054","tags":["x_transferred"]}]}]},"cveMetadata":{"assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","assignerShortName":"jpcert","cveId":"CVE-2014-0808","datePublished":"2014-01-22T21:00:00.000Z","dateReserved":"2014-01-06T00:00:00.000Z","dateUpdated":"2024-08-06T09:27:20.153Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}