Lucene search
HistoryMay 02, 2014 - 2:55 p.m.
CVE-2014-3006
cve-2014-3006
sitepark information enterprise server
ies
security vulnerability
remote access
password change
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.0%
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
Affected configurations
Node
siteparkinformation_enterprise_serverMatch2.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| sitepark:information_enterprise_server | sitepark information enterprise server | eq | 2.9 |
Related
securityvulns
securityvulns
LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access
2014-05-02 00:00:00
Sitepark Information Enterprise Server unauthorized access
2014-05-02 00:00:00
nvd
nvd
CVE-2014-3006
2014-05-02 14:55:07
cvelist
cvelist
CVE-2014-3006
2014-05-02 14:00:00
prion
prion
Design/Logic Flaw
2014-05-02 14:55:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.0%
Related for CVE-2014-3006