CVE-2014-3006

{"id": "CVE-2014-3006", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-02T14:55:07.590", "references": [{"url": "http://seclists.org/fulldisclosure/2014/Apr/317", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/531986/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/67165", "source": "cve@mitre.org"}, {"url": "https://www.lsexperts.de/advisories/lse-2014-04-10.txt", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Apr/317", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/531986/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/67165", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.lsexperts.de/advisories/lse-2014-04-10.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/."}, {"lang": "es", "value": "Sitepark Information Enterprise Server (IES) 2.9 anterior a 2.9.6, cuando actualizado de una versi\u00f3n anterior, no restringe debidamente acceso, lo que permite a atacantes remotos cambiar la contrase\u00f1a de cuenta de gestor y obtener informaci\u00f3n sensible a trav\u00e9s de un solicitud hacia install/."}], "lastModified": "2024-11-21T02:07:19.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitepark:information_enterprise_server:2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13B49D9D-5367-44A1-BF77-C9FEC08138DF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}