CVE-2016-6212
Drupal Views can allow unauthorized users to see Statistics information
5.3
MEDIUM
CVSS 3.1
EPSS 0.54%
Description
The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
How to fix CVE-2016-6212
To remediate CVE-2016-6212, upgrade the affected package to a fixed version below.
- —upgrade to 8.1.3 or later
- —upgrade to 8.1.3 or later
Is CVE-2016-6212 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 8.0, < 8.1.3
- >= 8.0, < 8.1.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |