Lucene search

[email protected]NVD:CVE-2013-2747

HistoryJan 29, 2014 - 6:55 p.m.

CVE-2013-2747

2014-01-2918:55:26

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary commands by using keyboard shortcuts to navigate the file system and open a command prompt.

Affected configurations

Nvd

Node

courionaccess_risk_management_suiteMatch8.09

VendorProductVersionCPE
courionaccess_risk_management_suite8.0cpe:2.3:a:courion:access_risk_management_suite:8.0:9:*:*:*:*:*:*

Vendor	Product	Version	CPE
courion	access_risk_management_suite	8.0	cpe:2.3:a:courion:access_risk_management_suite:8.0:9::::::

References

blog.securestate.com/courion-authentication-bypass-vulnerability-disclosure-cve-2013-2747/

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

Related for NVD:CVE-2013-2747

cve1 prion1 cvelist1