Lucene search

[email protected]CVE-2014-2233

HistoryDec 01, 2014 - 3:59 p.m.

CVE-2014-2233

2014-12-0115:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-2233

server-side request forgery

ssrf vulnerability

mapapi

infoware mapsuite

security vulnerability

nvd

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.

CPENameOperatorVersion
infoware:mapsuiteinfoware mapsuiteeq1.0.35
infoware:mapsuiteinfoware mapsuiteeq1.1.48

CPE	Name	Operator	Version
infoware:mapsuite	infoware mapsuite	eq	1.0.35
infoware:mapsuite	infoware mapsuite	eq	1.1.48

References

iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp

iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp

www.christian-schneider.net/advisories/CVE-2014-2233.txt

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for CVE-2014-2233

prion1 cvelist1 securityvulns3