CVE-2014-1930 - OpenCVE

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Visibility Software	Cyber Recruiter

Configuration 1 [-]

OR	cpe:2.3:a:visibility_software:cyber_recruiter::::::::
	cpe:2.3:a:visibility_software:cyber_recruiter:6.2:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.4:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.6:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:6.8:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:7.0:::::::*
	cpe:2.3:a:visibility_software:cyber_recruiter:7.2:::::::*

No data.

References

Link	Providers
http://jvn.jp/vu/JVNVU97441356/index.html
http://osvdb.org/102814
http://osvdb.org/102815
http://www.kb.cert.org/vuls/id/566894
http://www.securityfocus.com/bid/65305
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-02-10T22:00:00

Updated: 2024-08-06T09:58:15.519Z

Reserved: 2014-02-10T00:00:00

Link: CVE-2014-1930

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-02-10T22:55:03.887

Modified: 2014-02-21T05:06:47.657

Link: CVE-2014-1930

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-18T17:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#566894", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/566894"}, {"name": "102814", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102814"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"}, {"tags": ["x_refsource_MISC"], "url": "http://jvn.jp/vu/JVNVU97441356/index.html"}, {"name": "65305", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65305"}, {"name": "102815", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102815"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1930", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#566894", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/566894"}, {"name": "102814", "refsource": "OSVDB", "url": "http://osvdb.org/102814"}, {"name": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details", "refsource": "CONFIRM", "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"}, {"name": "http://jvn.jp/vu/JVNVU97441356/index.html", "refsource": "MISC", "url": "http://jvn.jp/vu/JVNVU97441356/index.html"}, {"name": "65305", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65305"}, {"name": "102815", "refsource": "OSVDB", "url": "http://osvdb.org/102815"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:15.519Z"}, "title": "CVE Program Container", "references": [{"name": "VU#566894", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/566894"}, {"name": "102814", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/102814"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jvn.jp/vu/JVNVU97441356/index.html"}, {"name": "65305", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65305"}, {"name": "102815", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/102815"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1930", "datePublished": "2014-02-10T22:00:00", "dateReserved": "2014-02-10T00:00:00", "dateUpdated": "2024-08-06T09:58:15.519Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E219E01-59F5-4AF7-AEE1-48E1F57CC216", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "999F78ED-5A81-4CD3-BE92-EAD36781FFFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7D000435-C3E3-4511-8E94-74CD6A24826C", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "ACA334AA-0064-4967-B4F2-3678E59813E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "ACD7E9E4-E187-4FC7-92B9-8C152B323F76", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F875BF2-6BA6-43AD-8F46-EE4B9911F9BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:visibility_software:cyber_recruiter:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D406D9A-ACE3-4FFA-9B33-AB056222BDFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}, {"lang": "es", "value": "Visibility Software Cyber Recruiter anterior a 8.1.00 no maneja adecuadamente la combinaci\u00f3n de cabezeras de transporte y respuesta HTTPS para prevenir el acceso a (1) AppSelfService.aspx y (2) AgencyPortal.aspx en el historial del navegador, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante el aprovechamiento de una estaci\u00f3n de trabajo sin supervisi\u00f3n."}], "id": "CVE-2014-1930", "lastModified": "2014-02-21T05:06:47.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-10T22:55:03.887", "references": [{"source": "cve@mitre.org", "url": "http://jvn.jp/vu/JVNVU97441356/index.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/102814"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/102815"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/566894"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65305"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}