Lucene search

[email protected]CVE-2014-5385

HistoryAug 21, 2014 - 11:55 p.m.

CVE-2014-5385

2014-08-2123:55:02

CWE-287

[email protected]

web.nvd.nist.gov

shopizer

brute force attack

cve-2014-5385

password security

authentication restrictions

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.9%

JSON

com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack.

Affected configurations

NVD

Node

shopizershopizerRange≤1.1.5

CPENameOperatorVersion
shopizer:shopizershopizerle1.1.5

CPE	Name	Operator	Version
shopizer:shopizer	shopizer	le	1.1.5

References

seclists.org/fulldisclosure/2014/Jul/38

www.securityfocus.com/archive/1/532726/100/0/threaded

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.9%

JSON

Related for CVE-2014-5385

cvelist1 prion1 nvd1