CVE-2017-14322

Published: Oct 18, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.

Affected (1)

Products: Interspire: Email Marketer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Interspire Email Marketer	Up to 6.1.5

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://seclists.org/fulldisclosure/2017/Oct/39

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html

Source: cve@mitre.org

Broken Link

https://www.exploit-db.com/exploits/44513/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Oct/39

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.exploit-db.com/exploits/44513/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.