CVE-2014-2862

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/437385	US Government Resource
http://www.kb.cert.org/vuls/id/437385	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:paperthin:commonspot_content_server::::::::
	cpe:2.3:a:paperthin:commonspot_content_server:8.0.0:::::::*
	cpe:2.3:a:paperthin:commonspot_content_server:8.0.1:::::::*
	cpe:2.3:a:paperthin:commonspot_content_server:8.0.2:::::::*

History

21 Nov 2024, 02:07

Type	Values Removed	Values Added
References	~~() http://www.kb.cert.org/vuls/id/437385 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/437385 - US Government Resource

Information

Published : 2014-04-15 23:13

Updated : 2024-11-21 02:07

NVD link : CVE-2014-2862

Mitre link : CVE-2014-2862

CVE.ORG link : CVE-2014-2862

JSON object : View

Products Affected

paperthin

commonspot_content_server

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-2862", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-15T23:13:17.367", "references": [{"url": "http://www.kb.cert.org/vuls/id/437385", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/437385", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors."}, {"lang": "es", "value": "PaperThin CommonSpot anterior a 7.0.2 y 8.x anterior a 8.0.3 no validan la autorizaci\u00f3n en situaciones no especificadas, lo que permite a usuarios remotos autenticados realizar acciones a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T02:07:05.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD08E3EF-D249-4A29-A3E7-21BEA641CD84", "versionEndIncluding": "7.0.1"}, {"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FE207C4-6F10-49EA-9FEF-AD567BDB59C6"}, {"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4602A36E-5F5B-4DC9-B556-097F0847F30B"}, {"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:8.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6EDBF14-8C62-4E0F-A7A4-E196A9C21EA4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}