3 matches found
Sierra Library Services Platform Multiple Vulnerability Disclosure
Product: Sierra Library Services Platform Vendor: Innovative Interfaces Inc Vulnerable Version: 1.23 Tested Version: 1.23 Vendor Notification: June 19, 2014 Public Disclosure: August 26, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-5136 Risk Level: Medium CVSSv2 Ba...
CVE-2014-5137
Innovative Interfaces Sierra Library Services Platform 1.23 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule...
CVE-2014-5137
The Sierra Library Services Platform (Product: Sierra Library Services Platform; Vendor: Innovative Interfaces Inc) 1.2_3 is affected by CVE-2014-5137 due to a login response discrepancy that differs based on whether a user account exists. This behavior enables remote attackers to enumerate valid...