CVE-2012-3473

medium
Published 2012-08-12 · Modified 2026-04-29
CVSS v3
CVSS v2
6.4
VIR risk
6.4

Description

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4

Application impact

Vendor    Product            Versions                     Fixed
ushahidi  ushahidi_platform  up to and including 2.4.1
ushahidi  ushahidi_platform  1.0
ushahidi  ushahidi_platform  1.2
ushahidi  ushahidi_platform  2.0
ushahidi  ushahidi_platform  2.1
ushahidi  ushahidi_platform  2.2
ushahidi  ushahidi_platform  2.2.1
ushahidi  ushahidi_platform  2.3.1
ushahidi  ushahidi_platform  2.3.2
ushahidi  ushahidi_platform  2.4

References

CWEs

CWE-287
