Vulnerability Description
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sitepark | Information Enterprise Server | 2.9 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Apr/317
- http://www.securityfocus.com/archive/1/531986/100/0/threaded
- http://www.securityfocus.com/bid/67165
- https://www.lsexperts.de/advisories/lse-2014-04-10.txt
- http://seclists.org/fulldisclosure/2014/Apr/317
- http://www.securityfocus.com/archive/1/531986/100/0/threaded
- http://www.securityfocus.com/bid/67165
- https://www.lsexperts.de/advisories/lse-2014-04-10.txt
FAQ
What is CVE-2014-3006?
CVE-2014-3006 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account pas...
How severe is CVE-2014-3006?
CVE-2014-3006 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3006?
Check the references section above for vendor advisories and patch information. Affected products include: Sitepark Information Enterprise Server.