Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-11365

Good to know:

icon

Date: May 23, 2019

Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.

Language: PHP

Severity Score

Related Resources (10)

https://github.com/symfony/symfony
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml
https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
https://symfony.com/cve-2017-11365
https://nvd.nist.gov/vuln/detail/CVE-2017-11365
https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml
https://github.com/symfony/symfony/pull/23507
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml
https://www.mend.io/vulnerability-database/CVE-2017-11365

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

icon

Upgrade Version

Upgrade to version symfony/security-core - v3.1.0;symfony/security-core - v3.3.1;symfony/security-core - v3.2.0-BETA1;symfony/security-core - v2.8.25;symfony/security-core - 3.3.x-dev;symfony/security-core - v3.3.3;symfony/security-core - v3.3.5;symfony/security-core - v2.8.23;symfony/security-core - v2.7.27;symfony/security-core - v3.2.12;symfony/security-core - v2.7.30;symfony/security-core - v3.2.5;symfony/security-core - v3.2.10;symfony/security-core - v2.7.32;symfony/security-core - v2.8.21;linhecheng/cmlphp - v3.2.12;linhecheng/cmlphp - v3.1.0;linhecheng/cmlphp - v2.7.32;linhecheng/cmlphp - v3.2.0-BETA1;linhecheng/cmlphp - v2.8.25;linhecheng/cmlphp - v3.3.5;linhecheng/cmlphp - 3.3.x-dev;jotalabs/att - no_fix;symfony/symfony - v2.8.25;symfony/symfony - v3.2.0-BETA1;symfony/symfony - v3.1.0;symfony/symfony - v3.2.12;symfony/symfony - v2.7.32;symfony/symfony - v3.3.5;symfony/symfony - 3.3.x-dev;lufangyu1217/demo - dev-develop;symfony/security - v3.1.0;symfony/security - v2.7.32;samrodriguez/easy-table-bundle - v1.0;samrodriguez/easy-table-bundle - no_fix;my-oos/my-oos - v2.0.105;my-oos/my-oos - v2.0.95

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us