VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 12, 2014· Updated May 6, 2026

CVE-2014-8735

CVE-2014-8735

Description

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.

Affected products

46
  • Bad Behavior Project/Bad Behavior46 versions
    cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.114:*:*:*:*:drupal:*:*+ 45 more
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.114:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.115:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.116:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.200:rc14:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.214:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.215:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.216:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.217:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc1:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc2:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.x:dev:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2:rc14:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.13:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.14:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.113:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.225:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.226:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.227:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.228:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2210:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2211:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2212:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2213:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2214:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2215:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2216:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.x:dev:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.220:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.221:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.222:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.223:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.225:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.226:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.227:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.228:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2210:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2211:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2212:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2213:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2214:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2215:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.220:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.221:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.222:*:*:*:*:drupal:*:*
    • cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.223:*:*:*:*:drupal:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.