CVE-2014-2227

Name of the Vulnerable Software and Affected Versions UniFi Video versions prior to 3.0.1

Description The issue concerns the default Flash cross-domain policy in UniFi Video, which does not properly restrict access to the application. This allows remote attackers to bypass the Same Origin Policy by using a crafted SWF file.

Recommendations For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the cross-domain policy file to minimize the risk of exploitation.