CVE-2017-16633

MEDIUM

In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

Source: MITRE

Published: 2017-11-10

Updated: 2017-11-28

Type: CWE-200

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

ID	Name	Product	Family	Severity
98475	Joomla! 1.5.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98474	Joomla! 1.6.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98473	Joomla! 1.7.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98472	Joomla! 2.5.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98471	Joomla! 3.0.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98470	Joomla! 3.1.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98469	Joomla! 3.2.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98468	Joomla! 3.3.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98467	Joomla! 3.4.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98466	Joomla! 3.5.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98465	Joomla! 3.6.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98464	Joomla! 3.7.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98463	Joomla! 3.8.x < 3.8.2 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
104478	Joomla! 1.5.0 < 3.8.2 Multiple Vulnerabilities	Nessus	CGI abuses	high