Lucene search
HistoryApr 28, 2014 - 2:09 p.m.
CVE-2014-1217
cve-2014-1217
livetecs timelive
access restriction
vulnerability
database connection string
credentials
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.9%
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
Affected configurations
Node
livetecstimelineMatch2.81
ORlivetecstimelineMatch2.91
ORlivetecstimelineMatch2.94
ORlivetecstimelineMatch3.0.1
ORlivetecstimelineMatch3.0.3
ORlivetecstimelineMatch3.0.5
ORlivetecstimelineMatch3.1.1
ORlivetecstimelineMatch3.2.1
ORlivetecstimelineMatch3.5.1
ORlivetecstimelineMatch3.6.1
ORlivetecstimelineMatch3.7.1
ORlivetecstimelineMatch3.8.1
ORlivetecstimelineMatch4.2.1
ORlivetecstimelineMatch4.3.1
ORlivetecstimelineMatch4.9.1
ORlivetecstimelineMatch5.2.1
ORlivetecstimelineMatch6.0.1
ORlivetecstimelineMatch6.2.1
ORlivetecstimelineMatch6.2.3
ORlivetecstimelineMatch6.2.4
ORlivetecstimelineMatch6.2.6
ORlivetecstimelineMatch6.2.7
ORlivetecstimelineMatch6.2.71
ORlivetecstimelineMatch7.1.1
Related
nvd
nvd
CVE-2014-1217
2014-04-28 14:09:06
packetstorm
packetstorm
Livetecs Timelive 6.2.71 Unauthenticated Access
2014-04-23 00:00:00
securityvulns
securityvulns
prion
prion
Design/Logic Flaw
2014-04-28 14:09:00
cvelist
cvelist
CVE-2014-1217
2014-04-28 14:00:00
zdt
zdt
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.9%
Related for CVE-2014-1217