Lucene search

[email protected]CVE-2014-3521

HistoryOct 06, 2014 - 2:55 p.m.

CVE-2014-3521

2014-10-0614:55:09

CWE-264

[email protected]

web.nvd.nist.gov

red hat conga

access restrictions

crafted url

remote authentication

vulnerability

6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.

Affected configurations

NVD

Node

redhatcongaMatch0.12.2

CPENameOperatorVersion
redhat:congaredhat congaeq0.12.2

CPE	Name	Operator	Version
redhat:conga	redhat conga	eq	0.12.2

References

rhn.redhat.com/errata/RHSA-2014-1194.html

bugzilla.redhat.com/show_bug.cgi?id=1112813

6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for CVE-2014-3521

nvd1 prion1 cvelist1 veracode2 nessus4 centos1 openvas2 redhat1 oraclelinux1