CVE-2017-14322
Summary
| CVE | CVE-2017-14322 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-18 18:29:00 UTC |
| Updated | 2019-05-10 17:49:00 UTC |
| Description | The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Interspire | Email Marketer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Narrative of an incident response – From compromise to the publication of the weakness - Infoteam SA | MISC | security.infoteam.ch | Broken Link |
| Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Full Disclosure: [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.