Lucene search
HistoryMar 14, 2014 - 4:55 p.m.
CVE-2014-2049
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
55.3%
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
Affected configurations
Node
owncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
Node
owncloudowncloudRange≤5.0.14
ORowncloudowncloudMatch3.0.0
ORowncloudowncloudMatch3.0.1
ORowncloudowncloudMatch3.0.2
ORowncloudowncloudMatch3.0.3
ORowncloudowncloudMatch4.0.0
ORowncloudowncloudMatch4.0.1
ORowncloudowncloudMatch4.0.2
ORowncloudowncloudMatch4.0.3
ORowncloudowncloudMatch4.0.4
ORowncloudowncloudMatch4.0.5
ORowncloudowncloudMatch4.0.6
ORowncloudowncloudMatch4.0.7
ORowncloudowncloudMatch4.0.8
ORowncloudowncloudMatch4.0.9
ORowncloudowncloudMatch4.0.10
ORowncloudowncloudMatch4.0.11
ORowncloudowncloudMatch4.0.12
ORowncloudowncloudMatch4.0.13
ORowncloudowncloudMatch4.0.14
ORowncloudowncloudMatch4.0.15
ORowncloudowncloudMatch4.0.16
ORowncloudowncloudMatch4.5.0
ORowncloudowncloudMatch4.5.1
ORowncloudowncloudMatch4.5.2
ORowncloudowncloudMatch4.5.3
ORowncloudowncloudMatch4.5.4
ORowncloudowncloudMatch4.5.5
ORowncloudowncloudMatch4.5.6
ORowncloudowncloudMatch4.5.7
ORowncloudowncloudMatch4.5.8
ORowncloudowncloudMatch4.5.9
ORowncloudowncloudMatch4.5.10
ORowncloudowncloudMatch4.5.11
ORowncloudowncloudMatch4.5.12
ORowncloudowncloudMatch4.5.13
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
ORowncloudowncloudMatch5.0.5
ORowncloudowncloudMatch5.0.6
ORowncloudowncloudMatch5.0.7
ORowncloudowncloudMatch5.0.8
ORowncloudowncloudMatch5.0.9
ORowncloudowncloudMatch5.0.10
ORowncloudowncloudMatch5.0.11
ORowncloudowncloudMatch5.0.12
ORowncloudowncloudMatch5.0.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| owncloud | owncloud | 6.0.0 | cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:* |
| owncloud | owncloud | 6.0.1 | cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:* |
| owncloud | owncloud | * | cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:* |
| owncloud | owncloud | 3.0.0 | cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:* |
| owncloud | owncloud | 3.0.1 | cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:* |
| owncloud | owncloud | 3.0.2 | cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:* |
| owncloud | owncloud | 3.0.3 | cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:* |
| owncloud | owncloud | 4.0.0 | cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:* |
| owncloud | owncloud | 4.0.1 | cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:* |
| owncloud | owncloud | 4.0.2 | cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2014-03-14 16:55:00
cve
cve
CVE-2014-2049
2014-03-14 16:55:05
openvas
openvas
ownCloud Flash Cross-Domain Information Disclosure Vulnerability
2014-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2014-2049
2014-03-14 00:00:00
cvelist
cvelist
CVE-2014-2049
2014-03-14 16:00:00
owncloud
owncloud
Server: LDAP injection
2014-07-03 02:00:00
Server: Host Header Poisoning
2014-07-03 02:00:00
LDAP injection - ownCloud
2014-07-03 18:22:11
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
55.3%
Related for NVD:CVE-2014-2049