CVE-2014-1930

Name of the Vulnerable Software and Affected Versions Visibility Software Cyber Recruiter versions prior to 8.1.00

Description The issue allows remote attackers to obtain sensitive information by leveraging an unattended workstation, due to the lack of appropriate HTTPS transport and response headers. This affects access to "AppSelfService.aspx" and "AgencyPortal.aspx" in the browser history.

Recommendations For versions prior to 8.1.00, update to version 8.1.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints "AppSelfService.aspx" and "AgencyPortal.aspx" to minimize the risk of exploitation.