Lucene search

[email protected]NVD:CVE-2014-7292

HistoryOct 23, 2014 - 2:55 p.m.

CVE-2014-7292

2014-10-2314:55:02

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.1%

JSON

Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

Affected configurations

NVD

Node

newtelligencedasblogMatch2.12.1.8102.813

newtelligencedasblogMatch2.22.2.8279.16125

newtelligencedasblogMatch2.32.3.9074.18820

References

packetstormsecurity.com/files/128749/Newtelligence-dasBlog-2.3-Open-Redirect.html

seclists.org/fulldisclosure/2014/Oct/91

www.securityfocus.com/bid/70654

www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability

exchange.xforce.ibmcloud.com/vulnerabilities/97667

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.1%

JSON

Related for NVD:CVE-2014-7292

cve1 cvelist1 packetstorm1 openvas1 prion1