← Back

CVE-2014-9618

nvd nistnuclei
Published: Sep 19, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.

Affected (12)

Netsweeper
1 product
Netsweeper
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Netsweeper
Netsweeper
Up to 3.1.9
Netsweeper
Version 4.0.0
Netsweeper
Version 4.0.1
Netsweeper
Version 4.0.2
Netsweeper
Version 4.0.3
Netsweeper
Version 4.0.4
Netsweeper
Version 4.0.5
Netsweeper
Version 4.0.6
Netsweeper
Version 4.0.7
Netsweeper
Version 4.0.8
Netsweeper
Version 4.1.0
Netsweeper
Version 4.1.1

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.