PT-2014-5015 · Sitepark · Sitepark Information Enterprise Server

Published

2014-05-02

Updated

2018-10-09

CVE-2014-3006

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Sitepark Information Enterprise Server (IES) versions 2.9 through 2.9.5

Description The issue allows remote attackers to change the manager account password and obtain sensitive information via a request to "install/." when the software is upgraded from an earlier version.

Recommendations For versions 2.9 through 2.9.5, update to version 2.9.6 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-3006

Affected Products

Sitepark Information Enterprise Server

PT-2014-5015 · Sitepark · Sitepark Information Enterprise Server

CVE-2014-3006

Weakness Enumeration

Related Identifiers

Affected Products

References · 6