Lucene search

K
cve[email protected]CVE-2014-2227
HistoryJul 25, 2014 - 7:55 p.m.

CVE-2014-2227

2014-07-2519:55:03
CWE-264
web.nvd.nist.gov
23
ubiquiti networks
unifi video
same origin policy
crossdomain.xml
cve-2014-2227

6.8 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

92.8%

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

Affected configurations

NVD
Node
uiunifi_videoRange2.1.3
CPENameOperatorVersion
ui:unifi_videoui unifi videole2.1.3

6.8 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

92.8%

Related for CVE-2014-2227