Lucene search
HistoryFeb 04, 2015 - 6:59 p.m.
CVE-2014-9049
cve-2014-9049
owncloud
server
remote code execution
authentication
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.7%
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.
Affected configurations
Node
owncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
ORowncloudowncloudMatch6.0.2
ORowncloudowncloudMatch6.0.3
ORowncloudowncloudMatch6.0.4
ORowncloudowncloudMatch6.0.5
ORowncloudowncloudMatch7.0.0
ORowncloudowncloudMatch7.0.1
ORowncloudowncloudMatch7.0.2
Related
prion
prion
Design/Logic Flaw
2015-02-04 18:59:00
owncloud
owncloud
Server: ACLs not properly enforced in "documents" application
2014-11-25 15:00:00
ACLs not properly enforced in "documents" application - ownCloud
2014-11-25 18:39:42
nvd
nvd
CVE-2014-9049
2015-02-04 18:59:08
cvelist
cvelist
CVE-2014-9049
2015-02-04 18:00:00
openvas
openvas
ownCloud Multiple Vulnerabilities -01 (Feb 2015)
2015-02-19 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.7%
Related for CVE-2014-9049