Lucene search

MitreCVE-2008-4614

HistoryOct 20, 2008 - 6:14 p.m.

CVE-2008-4614

2008-10-2018:14:04

CWE-287

mitre

web.nvd.nist.gov

cve-2008-4614

portalapp 4.0

authentication bypass

remote attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.016

Percentile

87.3%

JSON

PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.

Affected configurations

Nvd

Node

portalappportalappMatch4.0

VendorProductVersionCPE
portalappportalapp4.0cpe:2.3:a:portalapp:portalapp:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
portalapp	portalapp	4.0	cpe:2.3:a:portalapp:portalapp:4.0:::::::*

References

secunia.com/advisories/28337

securityreason.com/securityalert/4439

www.aspapp.com/content.asp?CatId=197&ContentType=Downloads

www.securityfocus.com/bid/27170

exchange.xforce.ibmcloud.com/vulnerabilities/39457

www.exploit-db.com/exploits/4848

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.016

Percentile

87.3%

JSON

Related for CVE-2008-4614