CVE-2014-9618

Affected configuration(s):

cpe:/a:netsweeper:netsweeper:3.1.9
cpe:/a:netsweeper:netsweeper:4.0.0
cpe:/a:netsweeper:netsweeper:4.0.1
cpe:/a:netsweeper:netsweeper:4.0.2
cpe:/a:netsweeper:netsweeper:4.0.3
cpe:/a:netsweeper:netsweeper:4.0.4
cpe:/a:netsweeper:netsweeper:4.0.5
cpe:/a:netsweeper:netsweeper:4.0.6
cpe:/a:netsweeper:netsweeper:4.0.7
cpe:/a:netsweeper:netsweeper:4.0.8
cpe:/a:netsweeper:netsweeper:4.1.0
cpe:/a:netsweeper:netsweeper:4.1.1

Date published: 2017-09-19T11:29:00.460-04:00

Date last modified: 2017-09-29T09:47:03.047-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html

Summary: The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
