{
  "threat_severity" : "Moderate",
  "public_date" : "2013-12-17T00:00:00Z",
  "bugzilla" : {
    "description" : "cumin: missing authorization checks in forms, charts, and csv export widgets",
    "id" : "995038",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=995038"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors." ],
  "acknowledgement" : "This issue was discovered by Tomáš Nováčik (Red Hat MRG Quality Engineering team).",
  "affected_release" : [ {
    "product_name" : "MRG for RHEL-5 v. 2",
    "release_date" : "2013-12-17T00:00:00Z",
    "advisory" : "RHSA-2013:1851",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2::el5",
    "package" : "cumin-0:0.1.5787-4.el5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-12-17T00:00:00Z",
    "advisory" : "RHSA-2013:1852",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "cumin-0:0.1.5787-4.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-12-17T00:00:00Z",
    "advisory" : "RHSA-2013:1852",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "rubygems-0:1.8.23.2-1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-4404\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4404" ],
  "name" : "CVE-2013-4404",
  "csaw" : false
}