The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-25T19:00:00
Updated: 2024-08-06T10:06:00.234Z
Reserved: 2014-02-26T00:00:00
Link: CVE-2014-2227
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-07-25T19:55:03.847
Modified: 2024-11-21T02:05:52.980
Link: CVE-2014-2227
Redhat
No data.