CVE-2014-8598

{"id": "CVE-2014-8598", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-18T15:59:06.750", "references": [{"url": "http://secunia.com/advisories/62101", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2015/dsa-3120", "source": "cve@mitre.org"}, {"url": "http://www.mantisbt.org/bugs/view.php?id=17780", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/11/07/28", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/70996", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98573", "source": "cve@mitre.org"}, {"url": "https://github.com/mantisbt/mantisbt/commit/80a15487", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/62101", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2015/dsa-3120", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mantisbt.org/bugs/view.php?id=17780", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2014/11/07/28", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70996", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98573", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mantisbt/mantisbt/commit/80a15487", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-19"}]}], "descriptions": [{"lang": "en", "value": "The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code."}, {"lang": "es", "value": "El plugin XML Import/Export en MantisBT 1.2.x no restringe el acceso, lo que permite a atacantes remotos (1) subir c\u00f3digo XML arbitrario mediante la p\u00e1gina 'import' o (2) obtener informaci\u00f3n sensible mediante la p\u00e1gina 'export'. NOTA: este fallo puede ser combinado con la CVE-2014-7146 y ejecutar c\u00f3digo PHP arbitrario."}], "lastModified": "2024-11-21T02:19:24.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5761D76C-7109-4E94-AEC3-3A6419429A91", "versionEndIncluding": "1.2.17"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}