Redcap Vulnérabilités

Chronologie

Version

4.14.0	8
4.14.1	8
4.14.2	7
4.13.18	6
4.14.3	6

Contre-mesures

Official Fix	20
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	7

Exploitabilité

High	0
Functional	0
Proof-of-Concept	0
Unproven	0
Not Defined	27

Vecteur d'accès

Not Defined	0
Physical	0
Local	0
Adjacent	2
Network	25

Authentification

Not Defined	0
High	1
Low	17
None	9

Interaction de l'utilisateur

Not Defined	0
Required	17
None	10

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	5
≤5	12
≤6	2
≤7	4
≤8	2
≤9	0
≤10	2

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	5
≤5	13
≤6	3
≤7	2
≤8	2
≤9	0
≤10	2

VulDB

≤1	0
≤2	0
≤3	1
≤4	10
≤5	8
≤6	1
≤7	5
≤8	0
≤9	0
≤10	2

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	2
≤6	4
≤7	3
≤8	1
≤9	2
≤10	1

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Fournisseur

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploiter 0 jour

<1k	11
<2k	12
<5k	4
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Exploiter aujourd'hui

<1k	27
<2k	0
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Affected Versions (80): 4.13.18, 4.14, 4.14.1, 4.14.2, 4.14.3, 4.14.4, 4.14.5, 4.14.6, 4.15, 4.15.1, 4.15.2, 4.15.3, 4.15.4, 5, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.1, 5.1.1, 5.1.2, 7, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.1, 7.2, 7.3, 7.4, 7.5, 8.1, 8.10.1, 8.10.2, 8.10.3, 8.10.4, 8.10.5, 8.10.6, 8.10.7, 8.10.8, 8.10.9, 8.10.11, 8.10.12, 8.10.13, 8.10.14, 8.10.15, 8.10.16, 8.10.17, 8.10.18, 8.10.19, 9.0, 9.1, 9.1.1, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, 10.3.4, 11.2.5, 12.0.11, 12.0.26 LTS, 12.3.2, 13.0, 13.1, 13.1.35, 13.2, 13.3, 13.4, 13.5, 13.6, 13.7

Publié	Base	Temp	Vulnérabilité	0day	Aujourd'hui	Exp	Con	CTI	CVE
06/03/2024	4.3	4.1	Vanderbilt REDCap Password Reset update.php divulgation de l'information	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2023-38825
07/09/2023	4.4	4.4	Vanderbilt REDCap cross site scripting	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	CVE-2023-37798
25/07/2023	5.5	5.5	REDCap sql injection	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2023-37361
12/10/2022	4.8	4.7	REDCap Alerts cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2022-42715
16/06/2022	3.5	3.5	REDCap Project edit_project_settings.php cross site scripting	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2022-24127
16/06/2022	3.5	3.5	REDCap messenger_ajax.php cross site scripting	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2022-24004
13/04/2022	4.3	4.3	REDCap cross site request forgery	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2021-42136
13/01/2021	4.8	4.8	REDCap ToDoList cross site scripting	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2020-26713
13/01/2021	8.0	8.0	REDCap ToDoList sql injection	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2020-26712
03/11/2020	4.4	4.3	REDCap Messenger cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2020-27359