CVE-2014-1930

2014-02-1022:00:00

mitre

www.cve.org

AI Score

6.2

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

References

jvn.jp/vu/JVNVU97441356/index.html

osvdb.org/102814

osvdb.org/102815

www.kb.cert.org/vuls/id/566894

www.securityfocus.com/bid/65305

www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details