CVE-2014-5138

{"id": "CVE-2014-5138", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-01-14T16:15:11.463", "references": [{"url": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule."}, {"lang": "es", "value": "Innovative Interfaces Sierra Library Services Platform  versi\u00f3n 1.2_3, no maneja apropiadamente las cadenas de consulta con m\u00faltiples instancias del mismo par\u00e1metro, lo que permite a atacantes remotos omitir la comprobaci\u00f3n de par\u00e1metros por medio de vectores no especificados, posiblemente relacionados con el subm\u00f3dulo Webpac Pro."}], "lastModified": "2024-11-21T02:11:29.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iii:sierra:1.2_3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6513645-C62F-49FB-B5AE-84A1FFC59292"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}