CVE-2014-1930

Опубликовано: 10 фев. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Ссылки

http://jvn.jp/vu/JVNVU97441356/index.html
http://osvdb.org/102814
http://osvdb.org/102815
http://www.kb.cert.org/vuls/id/566894
US Government Resource
http://www.securityfocus.com/bid/65305
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details
Vendor Advisory
http://jvn.jp/vu/JVNVU97441356/index.html
http://osvdb.org/102814
http://osvdb.org/102815
http://www.kb.cert.org/vuls/id/566894
US Government Resource
http://www.securityfocus.com/bid/65305
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:visibility_software:cyber_recruiter:*:*:*:*:*:*:*:*

Версия до 8.0 (включая)

cpe:2.3:a:visibility_software:cyber_recruiter:6.2:*:*:*:*:*:*:*

cpe:2.3:a:visibility_software:cyber_recruiter:6.4:*:*:*:*:*:*:*

cpe:2.3:a:visibility_software:cyber_recruiter:6.6:*:*:*:*:*:*:*

cpe:2.3:a:visibility_software:cyber_recruiter:6.8:*:*:*:*:*:*:*

cpe:2.3:a:visibility_software:cyber_recruiter:7.0:*:*:*:*:*:*:*

cpe:2.3:a:visibility_software:cyber_recruiter:7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00825

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-549m-hv69-px2r

github

больше 3 лет назад