Lucene search

[email protected]NVD:CVE-2014-8472

HistoryNov 04, 2014 - 8:55 p.m.

CVE-2014-8472

2014-11-0420:55:04

CWE-287

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

81.0%

JSON

CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.

Affected configurations

NVD

Node

cacloud_service_managementRange≤2014spring

References

www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx

www.securityfocus.com/bid/70923

www.securitytracker.com/id/1031214

exchange.xforce.ibmcloud.com/vulnerabilities/98535

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

81.0%

JSON

Related for NVD:CVE-2014-8472

cvelist1 prion1 cve1 securityvulns2