The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Oct/39 | Mailing List Third Party Advisory |
https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html | Broken Link |
https://www.exploit-db.com/exploits/44513/ | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Oct/39 | Mailing List Third Party Advisory |
https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html | Broken Link |
https://www.exploit-db.com/exploits/44513/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:12
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2017/Oct/39 - Mailing List, Third Party Advisory | |
References | () https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html - Broken Link | |
References | () https://www.exploit-db.com/exploits/44513/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2017-10-18 18:29
Updated : 2024-11-21 03:12
NVD link : CVE-2017-14322
Mitre link : CVE-2017-14322
CVE.ORG link : CVE-2017-14322
JSON object : View
Products Affected
interspire
- email_marketer
CWE
CWE-287
Improper Authentication