CVE-2014-1930

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details	Vendor Advisory
http://www.kb.cert.org/vuls/id/566894	US Government Resource
http://osvdb.org/102815
http://jvn.jp/vu/JVNVU97441356/index.html
http://www.securityfocus.com/bid/65305
http://osvdb.org/102814

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:visibility_software:cyber_recruiter::::::::
	cpe:2.3:a:visibility_software:cyber_recruiter:6.6:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.8:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:7.0:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:7.2:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.2:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.4:::::::*

Information

Published : 2014-02-10 14:55

Updated : 2014-02-20 21:06

NVD link : CVE-2014-1930

Mitre link : CVE-2014-1930

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

Products Affected

visibility_software

cyber_recruiter

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details", "name": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/566894", "name": "VU#566894", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://osvdb.org/102815", "name": "102815", "tags": [], "refsource": "OSVDB"}, {"url": "http://jvn.jp/vu/JVNVU97441356/index.html", "name": "http://jvn.jp/vu/JVNVU97441356/index.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/65305", "name": "65305", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/102814", "name": "102814", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-1930", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-10T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:visibility_software:cyber_recruiter:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.0"}, {"cpe23Uri": "cpe:2.3:a:visibility_software:cyber_recruiter:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:visibility_software:cyber_recruiter:6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:visibility_software:cyber_recruiter:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:visibility_software:cyber_recruiter:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:visibility_software:cyber_recruiter:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:visibility_software:cyber_recruiter:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-02-21T05:06Z"}