Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages.
CWE-305: Authentication Bypass by Primary Weakness:
Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages, allowing an unauthenticated user to view protected data hosted on the website via the
An unauthenticated attacker can bypass authentication and view protected data hosted on the website via the
The vendor has released Visibility Software Cyber Recruiter 8.1.00 to address this vulnerability. Affected users are advised to upgrade to Visibility Software Cyber Recruiter 8.1.00 or higher.
Notified: December 03, 2013 Updated: February 03, 2014
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector
Base | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N
Temporal | 3.6 | E:F/RL:OF/RC:C
Environmental | 1.0 | CDP:L/TD:L/CR:ND/IR:ND/AR:ND
Thanks to Brad Arndt and Michael Ledford for reporting this vulnerability.
This document was written by Michael Orlando.
CVE IDs: None
Date Public: 2014-01-27
Date First Published: 2014-02-03
Date Last Updated: 2014-02-03 18:01 UTC
Document Revision: 11