Lucene search
AppleCVE-2014-4446HistoryOct 18, 2014 - 1:55 a.m.
CVE-2014-4446
2014-10-1801:55:13
CWE-264
apple
web.nvd.nist.gov
35
cve-2014-4446
mail service
apple os x server
sacl
access restrictions
remote authentication
nvd
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
AI Score
3.2
Confidence
Low
EPSS
0.002
Percentile
54.1%
Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator.
Affected configurations
Node
appleos_x_serverRange≤3.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | os_x_server | * | cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2014-4446
2014-10-18 01:55:13
cvelist
cvelist
CVE-2014-4446
2014-10-18 01:00:00
prion
prion
Design/Logic Flaw
2014-10-18 01:55:00
openvas
openvas
Apple OS X Server Multiple Vulnerabilities (Dec 2016)
2016-12-05 00:00:00
securityvulns
securityvulns
APPLE-SA-2014-10-16-3 OS X Server v4.0
2014-10-18 00:00:00
Apple OS X / OS X Server multiple security vulnerabilities
2014-10-18 00:00:00
nessus
nessus
Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
2014-10-21 00:00:00
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
AI Score
3.2
Confidence
Low
EPSS
0.002
Percentile
54.1%
Related for CVE-2014-4446