CVE-2014-1930 - OpenCVE

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Visibility Software	Cyber Recruiter

Configuration 1 [-]

OR	cpe:2.3:a:visibility_software:cyber_recruiter::::::::
	cpe:2.3:a:visibility_software:cyber_recruiter:6.2:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.4:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.6:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.8:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:7.0:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:7.2:::::::*

References

Link	Resource
http://jvn.jp/vu/JVNVU97441356/index.html
http://osvdb.org/102814
http://osvdb.org/102815
http://www.kb.cert.org/vuls/id/566894	US Government Resource
http://www.securityfocus.com/bid/65305
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-02-10T22:00:00

Updated: 2014-02-18T17:57:02

Reserved: 2014-02-10T00:00:00

Link: CVE-2014-1930

JSON object: View

NVD Information

Status : Modified

Published: 2014-02-10T22:55:03.887

Modified: 2014-02-21T05:06:47.657

Link: CVE-2014-1930

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-18T17:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#566894", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/566894"}, {"name": "102814", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102814"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"}, {"tags": ["x_refsource_MISC"], "url": "http://jvn.jp/vu/JVNVU97441356/index.html"}, {"name": "65305", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65305"}, {"name": "102815", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102815"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1930", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#566894", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/566894"}, {"name": "102814", "refsource": "OSVDB", "url": "http://osvdb.org/102814"}, {"name": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details", "refsource": "CONFIRM", "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"}, {"name": "http://jvn.jp/vu/JVNVU97441356/index.html", "refsource": "MISC", "url": "http://jvn.jp/vu/JVNVU97441356/index.html"}, {"name": "65305", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65305"}, {"name": "102815", "refsource": "OSVDB", "url": "http://osvdb.org/102815"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1930", "datePublished": "2014-02-10T22:00:00", "dateReserved": "2014-02-10T00:00:00", "dateUpdated": "2014-02-18T17:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E219E01-59F5-4AF7-AEE1-48E1F57CC216", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "999F78ED-5A81-4CD3-BE92-EAD36781FFFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7D000435-C3E3-4511-8E94-74CD6A24826C", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "ACA334AA-0064-4967-B4F2-3678E59813E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "ACD7E9E4-E187-4FC7-92B9-8C152B323F76", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F875BF2-6BA6-43AD-8F46-EE4B9911F9BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D406D9A-ACE3-4FFA-9B33-AB056222BDFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}, {"lang": "es", "value": "Visibility Software Cyber Recruiter anterior a 8.1.00 no maneja adecuadamente la combinaci\u00f3n de cabezeras de transporte y respuesta HTTPS para prevenir el acceso a (1) AppSelfService.aspx y (2) AgencyPortal.aspx en el historial del navegador, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante el aprovechamiento de una estaci\u00f3n de trabajo sin supervisi\u00f3n."}], "id": "CVE-2014-1930", "lastModified": "2014-02-21T05:06:47.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-10T22:55:03.887", "references": [{"source": "cve@mitre.org", "url": "http://jvn.jp/vu/JVNVU97441356/index.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/102814"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/102815"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/566894"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65305"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}