Lucene search

PRIOn knowledge basePRION:CVE-2014-5376

HistoryOct 08, 2014 - 7:55 p.m.

Code injection

2014-10-0819:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message.

CPENameOperatorVersion
moable7.2.8
moabeq8.0

CPE	Name	Operator	Version
	moab	le	7.2.8
	moab	eq	8.0

References

packetstormsecurity.com/files/128485/Moab-Insecure-Message-Signing-Authentication-Bypass.html

www.adaptivecomputing.com/security-advisory/

www.securityfocus.com/archive/1/533577/100/0/threaded

www.securityfocus.com/bid/70171

exchange.xforce.ibmcloud.com/vulnerabilities/96700

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for PRION:CVE-2014-5376