CVE-2014-125060

EPSS 0.39%
Veröffentlicht 07.01.2023 13:15:09
Zuletzt bearbeitet 21.11.2024 02:03:42
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Collabcal Project ≫ Collabcal Version < 2014-12-09

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.593

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6

Patch

Third Party Advisory

https://vuldb.com/?ctiid.217614

Third Party Advisory

https://vuldb.com/?id.217614

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-125060

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-125060

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-125060

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-125060