Lucene search

MitreCVE-2014-1930

HistoryFeb 10, 2014 - 10:55 p.m.

CVE-2014-1930

2014-02-1022:55:03

CWE-200

mitre

web.nvd.nist.gov

cve-2014-1930

cyber recruiter

https

response headers

sensitive information

remote attackers

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Affected configurations

Nvd

Node

visibility_softwarecyber_recruiterRange≤8.0

visibility_softwarecyber_recruiterMatch6.2

visibility_softwarecyber_recruiterMatch6.4

visibility_softwarecyber_recruiterMatch6.6

visibility_softwarecyber_recruiterMatch6.8

visibility_softwarecyber_recruiterMatch7.0

visibility_softwarecyber_recruiterMatch7.2

VendorProductVersionCPE
visibility_softwarecyber_recruiter*cpe:2.3:a:visibility_software:cyber_recruiter:*:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.2cpe:2.3:a:visibility_software:cyber_recruiter:6.2:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.4cpe:2.3:a:visibility_software:cyber_recruiter:6.4:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.6cpe:2.3:a:visibility_software:cyber_recruiter:6.6:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.8cpe:2.3:a:visibility_software:cyber_recruiter:6.8:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter7.0cpe:2.3:a:visibility_software:cyber_recruiter:7.0:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter7.2cpe:2.3:a:visibility_software:cyber_recruiter:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
visibility_software	cyber_recruiter	*	cpe:2.3:a:visibility_software:cyber_recruiter::::::::
visibility_software	cyber_recruiter	6.2	cpe:2.3:a:visibility_software:cyber_recruiter:6.2:::::::*
visibility_software	cyber_recruiter	6.4	cpe:2.3:a:visibility_software:cyber_recruiter:6.4:::::::*
visibility_software	cyber_recruiter	6.6	cpe:2.3:a:visibility_software:cyber_recruiter:6.6:::::::*
visibility_software	cyber_recruiter	6.8	cpe:2.3:a:visibility_software:cyber_recruiter:6.8:::::::*
visibility_software	cyber_recruiter	7.0	cpe:2.3:a:visibility_software:cyber_recruiter:7.0:::::::*
visibility_software	cyber_recruiter	7.2	cpe:2.3:a:visibility_software:cyber_recruiter:7.2:::::::*

References

jvn.jp/vu/JVNVU97441356/index.html

osvdb.org/102814

osvdb.org/102815

www.kb.cert.org/vuls/id/566894

www.securityfocus.com/bid/65305

www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

Related for CVE-2014-1930