CVE-2014-125060

holdennb CollabCal calenderServer.cpp handleGet improper authentication

CVSS 7.3 HIGHEPSS 1.0%CWE-287

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.3EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

07 Jan 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

holdennb · CollabCal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6 https://vuldb.com/?ctiid.217614 https://vuldb.com/?id.217614