CVE-2014-9618

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.

Ссылки

http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37933/
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37933/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*

Версия до 3.1.9 (включая)

cpe:2.3:a:netsweeper:netsweeper:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:netsweeper:netsweeper:4.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.68171

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-j6qh-hxp9-rr4j