6.4

CVE-2014-8598

EPSS 67.36%
Veröffentlicht 18.11.2014 15:59:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page.  NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mantisbt ≫ Mantisbt Version <= 1.2.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	67.36%	0.985

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/62101

http://www.debian.org/security/2015/dsa-3120

http://www.mantisbt.org/bugs/view.php?id=17780

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/11/07/28

http://www.securityfocus.com/bid/70996

https://exchange.xforce.ibmcloud.com/vulnerabilities/98573

https://github.com/mantisbt/mantisbt/commit/80a15487

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-8598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-8598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-8598

EUVD