Lucene search
MitreCVE-2014-3006HistoryMay 02, 2014 - 2:55 p.m.
CVE-2014-3006
2014-05-0214:55:07
CWE-264
mitre
web.nvd.nist.gov
25
cve-2014-3006
sitepark information enterprise server
ies
security vulnerability
remote access
password change
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.007
Percentile
80.9%
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
Affected configurations
Node
siteparkinformation_enterprise_serverMatch2.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sitepark | information_enterprise_server | 2.9 | cpe:2.3:a:sitepark:information_enterprise_server:2.9:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access
2014-05-02 00:00:00
Sitepark Information Enterprise Server unauthorized access
2014-05-02 00:00:00
cvelist
cvelist
CVE-2014-3006
2014-05-02 14:00:00
nvd
nvd
CVE-2014-3006
2014-05-02 14:55:07
prion
prion
Design/Logic Flaw
2014-05-02 14:55:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.007
Percentile
80.9%
Related for CVE-2014-3006