Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3006

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-3006
Last Modified 05 May 2014 11:02:01
Published 02 May 2014 10:55:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3006

Summary

Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.

Vulnerable Systems

Application

  • Sitepark Information Enterprise Server 2.9


References

MISC - https://www.lsexperts.de/advisories/lse-2014-04-10.txt

BID - 67165

BUGTRAQ - 20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access


Last Updated: 27 May 2016 11:05:11