CVE-2014-2849

2014-04-1115:55:00

CWE-264

[email protected]

web.nvd.nist.gov

sophos

web appliance

change password

cve-2014-2849

security vulnerability

admin password

6.5 Medium

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.276 Low

EPSS

Percentile

96.8%

JSON

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

CPENameOperatorVersion
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.7.8
sophos:web_appliance_firmwaresophos web appliance firmwarele3.8.1.1
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.0
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.1
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.1.1
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.2
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.3
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.4
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.5
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.5.1

CPE	Name	Operator	Version
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.7.8
sophos:web_appliance_firmware	sophos web appliance firmware	le	3.8.1.1
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.0
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.1
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.1.1
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.2
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.3
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.4
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.5
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.5.1