Lucene search
MitreCVE-2014-2866HistoryApr 15, 2014 - 11:13 p.m.
CVE-2014-2866
2014-04-1523:13:17
CWE-94
mitre
web.nvd.nist.gov
27
paperthin commonspot
cve-2014-2866
access restrictions
client-side javascript
security vulnerability
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.1
Confidence
Low
EPSS
0.005
Percentile
76.4%
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.
Affected configurations
Node
paperthincommonspot_content_serverRange≤7.0.1
ORpaperthincommonspot_content_serverMatch8.0.0
ORpaperthincommonspot_content_serverMatch8.0.1
ORpaperthincommonspot_content_serverMatch8.0.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| paperthin | commonspot_content_server | * | cpe:2.3:a:paperthin:commonspot_content_server:*:*:*:*:*:*:*:* |
| paperthin | commonspot_content_server | 8.0.0 | cpe:2.3:a:paperthin:commonspot_content_server:8.0.0:*:*:*:*:*:*:* |
| paperthin | commonspot_content_server | 8.0.1 | cpe:2.3:a:paperthin:commonspot_content_server:8.0.1:*:*:*:*:*:*:* |
| paperthin | commonspot_content_server | 8.0.2 | cpe:2.3:a:paperthin:commonspot_content_server:8.0.2:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2014-2866
2014-04-15 23:00:00
nvd
nvd
CVE-2014-2866
2014-04-15 23:13:17
prion
prion
Code injection
2014-04-15 23:13:00
nessus
nessus
CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities
2014-04-18 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.1
Confidence
Low
EPSS
0.005
Percentile
76.4%
Related for CVE-2014-2866