Medium severity6.5NVD Advisory· Published Apr 10, 2018· Updated Jun 17, 2026
CVE-2014-1398
CVE-2014-1398
Description
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=7.x-1.0,<7.x-1.3
- Range: <7.x-1.3
Patches
Vulnerability mechanics
References
7- www.drupal.org/node/2169595nvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.htmlnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2014/01/09/3nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/64729nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/90215nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.