Lucene search

MitreCVE-2014-1931

HistoryFeb 10, 2014 - 10:55 p.m.

CVE-2014-1931

2014-02-1022:55:03

CWE-200

mitre

web.nvd.nist.gov

cve-2014-1931

visibility software

cyber recruiter

user login page

account-related information

remote attackers

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

69.4%

JSON

The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests.

Affected configurations

Nvd

Node

visibility_softwarecyber_recruiterRange≤8.0

visibility_softwarecyber_recruiterMatch6.2

visibility_softwarecyber_recruiterMatch6.4

visibility_softwarecyber_recruiterMatch6.6

visibility_softwarecyber_recruiterMatch6.8

visibility_softwarecyber_recruiterMatch7.0

visibility_softwarecyber_recruiterMatch7.2

VendorProductVersionCPE
visibility_softwarecyber_recruiter*cpe:2.3:a:visibility_software:cyber_recruiter:*:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.2cpe:2.3:a:visibility_software:cyber_recruiter:6.2:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.4cpe:2.3:a:visibility_software:cyber_recruiter:6.4:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.6cpe:2.3:a:visibility_software:cyber_recruiter:6.6:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter6.8cpe:2.3:a:visibility_software:cyber_recruiter:6.8:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter7.0cpe:2.3:a:visibility_software:cyber_recruiter:7.0:*:*:*:*:*:*:*
visibility_softwarecyber_recruiter7.2cpe:2.3:a:visibility_software:cyber_recruiter:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
visibility_software	cyber_recruiter	*	cpe:2.3:a:visibility_software:cyber_recruiter::::::::
visibility_software	cyber_recruiter	6.2	cpe:2.3:a:visibility_software:cyber_recruiter:6.2:::::::*
visibility_software	cyber_recruiter	6.4	cpe:2.3:a:visibility_software:cyber_recruiter:6.4:::::::*
visibility_software	cyber_recruiter	6.6	cpe:2.3:a:visibility_software:cyber_recruiter:6.6:::::::*
visibility_software	cyber_recruiter	6.8	cpe:2.3:a:visibility_software:cyber_recruiter:6.8:::::::*
visibility_software	cyber_recruiter	7.0	cpe:2.3:a:visibility_software:cyber_recruiter:7.0:::::::*
visibility_software	cyber_recruiter	7.2	cpe:2.3:a:visibility_software:cyber_recruiter:7.2:::::::*

References

www.securityfocus.com/bid/65564

www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

69.4%

JSON

Related for CVE-2014-1931