CVE-2014-9611

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.

Ссылки

http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37931/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37931/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*

Версия до 4.0.4 (включая)

EPSS

Процентиль: 96%

0.28617

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-74x7-rpw3-2qvj