fkie_nvd - fkie_cve-2014-2659

fkie_cve-2014-2659

Vulnerability from fkie_nvd

Published

2014-04-22 14:23

Modified

2024-11-21 02:06

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/58037	Vendor Advisory
cve@mitre.org	http://www.papercut-mf.com/release-history/
cve@mitre.org	http://www.papercut.com/release-history/
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/92648
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58037	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.papercut-mf.com/release-history/
af854a3a-2127-422b-91ae-364da2661108	http://www.papercut.com/release-history/
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/92648

Impacted products

Vendor	Product	Version
papercut	papercut_mf	*
papercut	papercut_mf	12.0
papercut	papercut_mf	12.1
papercut	papercut_mf	12.2
papercut	papercut_mf	12.3
papercut	papercut_mf	12.4
papercut	papercut_mf	12.5
papercut	papercut_mf	13.0
papercut	papercut_mf	13.1
papercut	papercut_mf	13.2
papercut	papercut_mf	13.3
papercut	papercut_mf	13.4
papercut	papercut_mf	13.5
papercut	papercut_mf	14.0
papercut	papercut_ng	*
papercut	papercut_ng	12.0
papercut	papercut_ng	12.1
papercut	papercut_ng	12.2
papercut	papercut_ng	12.3
papercut	papercut_ng	12.4
papercut	papercut_ng	12.5
papercut	papercut_ng	13.0
papercut	papercut_ng	13.1
papercut	papercut_ng	13.2
papercut	papercut_ng	13.3
papercut	papercut_ng	13.4
papercut	papercut_ng	13.5
papercut	papercut_ng	14.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C39F2093-2205-4065-930D-433B45C6F868",
              "versionEndIncluding": "14.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF398E65-476C-41C5-9C96-243740F1B429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "322A6E60-374D-437D-9F7F-C0DE19894279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECB5F11-6E2B-42B6-8964-83EA876BF735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A31AA18-E4C0-4173-9461-2A51723C001C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BBE05F-26E5-417D-8841-9A2E47D040CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14BAE3F-FA54-4495-BE0C-913CC76E4B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05483BC-AF45-4A20-93F1-7B9CA6ED104D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D8595-B0C2-4B81-A921-18031B681B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "851320F4-8239-482C-A164-1372D7C6AAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1429B0AE-F0BB-4770-B8AB-26CA0BBD9975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8966A5-3C9E-42DB-92A9-74975E6957FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2F6E5F3-FDED-47C6-91D4-6FC6317E4DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_mf:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3266B2-CBDC-432D-ACBA-FDF293368FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "159145D0-A4ED-4F74-9A1F-6BBB2CC7568A",
              "versionEndIncluding": "14.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F90D1A-6523-4EA2-BD70-3230E01A66E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD91C180-D7F1-43BE-8472-5E72DF27993E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2464601-F136-410A-862F-2273B1782AC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "419FEFF8-A892-403C-BF8A-304272EE16D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02D413C-693E-45B9-83A4-CBFA844FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C8A222F-CEEF-481A-BE3C-0D736CE64A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6C4B24-3F7E-48C8-9FE6-5DBFEB4425A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E34435-E2C8-417A-9950-FECD267DEA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "30875001-1705-4B52-8DC2-6898DAE23BBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66EF4D7-6BBE-4A71-A887-59105AFBEE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2620A163-36DD-4D89-8044-893B1A4E823B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "00A6BA83-BF06-4E4A-A474-0AB98C55F3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:papercut:papercut_ng:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9025F2-7C5C-4FC9-A239-584215618239",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en la interfaz de usuario de administraci\u00f3n en Papercut MF y NG anterior a 14.1 (Build 26983) permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-2659",
  "lastModified": "2024-11-21T02:06:44.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-04-22T14:23:35.910",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/58037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.papercut-mf.com/release-history/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.papercut.com/release-history/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/58037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.papercut-mf.com/release-history/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.papercut.com/release-history/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92648"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-2659

Vulnerability from cvelistv5

Published

2014-04-22 14:00

Modified

2024-08-06 10:21