Lucene search

[email protected]CVE-2014-5376

HistoryOct 08, 2014 - 7:55 p.m.

CVE-2014-5376

2014-10-0819:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-5376

adaptive computing moab

user validation

message impersonation

nvd

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message.

CPENameOperatorVersion
adaptivecomputing:moabadaptivecomputing moable7.2.8
adaptivecomputing:moabadaptivecomputing moabeq8.0

CPE	Name	Operator	Version
adaptivecomputing:moab	adaptivecomputing moab	le	7.2.8
adaptivecomputing:moab	adaptivecomputing moab	eq	8.0

References

packetstormsecurity.com/files/128485/Moab-Insecure-Message-Signing-Authentication-Bypass.html

www.adaptivecomputing.com/security-advisory/

www.securityfocus.com/archive/1/533577/100/0/threaded

www.securityfocus.com/bid/70171

exchange.xforce.ibmcloud.com/vulnerabilities/96700

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2014-5376

securityvulns2 prion1 zdt1 packetstorm1