Required CVE Record Information
Description
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
References 4 Total
- https://www.lsexperts.de/advisories/lse-2014-04-10.txt
- seclists.org: 20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access mailing-list
- securityfocus.com: 67165 vdb-entry
- securityfocus.com: 20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access mailing-list
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://www.lsexperts.de/advisories/lse-2014-04-10.txt x_transferred
- seclists.org: 20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access mailing-list x_transferred
- securityfocus.com: 67165 vdb-entry x_transferred
- securityfocus.com: 20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access mailing-list x_transferred