CVE-2014-3006

Sažetak

Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.

Reference

http://seclists.org/fulldisclosure/2014/Apr/317
http://www.securityfocus.com/archive/1/531986/100/0/threaded
http://www.securityfocus.com/bid/67165
https://www.lsexperts.de/advisories/lse-2014-04-10.txt

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2018 - 19:43

Objavljeno

02-05-2014 - 14:55