5.7.x CVE vulnerabilities apply to 5.6 also?
Hi,
The vulnerabilities below were identified on concrete5, and it was recommended to upgrade to concrete 5.7.4.2 or later.
CVE-2015-3989
CVE-2015-2250
CVE-2014-9526
We are currently on 5.6.3.3. Do these vulnerabilities also apply to 5.6.3.3? The CVEs always refer to affected versions as 5.7.X and earlier.
Thanks in advance,
TGBoy
Hey,
The first one only affected private messages, and I believe that was fixed in both 5.6 and 5.7 (you had to have private messages enabled, if I remember correctly, which basically nobody does in 5.6 'cause it was kinda buggy/incomplete).
For the other two, I think I backported those as well. Even if I didn't, they required administrator access to concrete5, so they have a low impact.
Hope this answers your question.
Mike
The two versions are based on different code bases.