VAR-201407-0236
Vulnerability from variot - Updated: 2023-12-18 13:14The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certain fields, an attacker can receive a session authentication cookie despite receiving an error message. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. If you set user, proj, and scada are set and bwuser is true, you can access multiple restricted pages. This may aid in further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0236",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "6.0"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "5.0"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "advantech",
"version": "7.0"
},
{
"model": "webaccess",
"scope": "lt",
"trust": 1.4,
"vendor": "advantech",
"version": "7.2"
},
{
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "7.1"
},
{
"model": "webaccess",
"scope": null,
"trust": 0.7,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "advantech webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2367"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Leitch",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-249"
}
],
"trust": 0.7
},
"cve": "CVE-2014-2367",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2367",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2367",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04531",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-70306",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2367",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2014-2367",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-04531",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-479",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70306",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "VULHUB",
"id": "VHN-70306"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certain fields, an attacker can receive a session authentication cookie despite receiving an error message. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. If you set user, proj, and scada are set and bwuser is true, you can access multiple restricted pages. This may aid in further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "BID",
"id": "68716"
},
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-70306"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2367",
"trust": 4.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-02",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201407-479",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2014-04531",
"trust": 1.0
},
{
"db": "BID",
"id": "68716",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2079",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-249",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D7FC402-463F-11E9-B23E-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E4A5D23C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-70306",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "VULHUB",
"id": "VHN-70306"
},
{
"db": "BID",
"id": "68716"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
]
},
"id": "VAR-201407-0236",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "VULHUB",
"id": "VHN-70306"
}
],
"trust": 1.5326718400000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
}
]
},
"last_update_date": "2023-12-18T13:14:46.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads ::: WebAccess Software",
"trust": 0.8,
"url": "http://webaccess.advantech.com/downloads.php?item=software"
},
{
"title": "Advantech WebAccess",
"trust": 0.8,
"url": "http://webaccess.advantech.com/"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02"
},
{
"title": "Advantech WebAccess Remote Verification Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47826"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70306"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"db": "NVD",
"id": "CVE-2014-2367"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2367"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2367"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "VULHUB",
"id": "VHN-70306"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"db": "VULHUB",
"id": "VHN-70306"
},
{
"db": "BID",
"id": "68716"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-24T00:00:00",
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"date": "2014-07-24T00:00:00",
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"date": "2014-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"date": "2014-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-70306"
},
{
"date": "2014-07-15T00:00:00",
"db": "BID",
"id": "68716"
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"date": "2014-07-19T05:09:27.720000",
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"date": "2014-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-18T00:00:00",
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"date": "2014-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04531"
},
{
"date": "2014-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-70306"
},
{
"date": "2014-07-22T00:07:00",
"db": "BID",
"id": "68716"
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003490"
},
{
"date": "2014-07-23T18:47:15.103000",
"db": "NVD",
"id": "CVE-2014-2367"
},
{
"date": "2014-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess Remote Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7fc402-463f-11e9-b23e-000c29342cb1"
},
{
"db": "IVD",
"id": "e4a5d23c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-249"
},
{
"db": "CNVD",
"id": "CNVD-2014-04531"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-479"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…