{"api_version":"1","generated_at":"2026-04-23T02:57:01+00:00","cve":"CVE-2014-2033","urls":{"html":"https://cve.report/CVE-2014-2033","api":"https://cve.report/api/cve/CVE-2014-2033.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-2033","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-2033"},"summary":{"title":"CVE-2014-2033","description":"The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-03-02 17:55:00","updated_at":"2018-12-12 16:59:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"https://kb.bluecoat.com/index?page=content&id=SA77","name":"https://kb.bluecoat.com/index?page=content&id=SA77","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Bluecoat Knowledge Base","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/221620","name":"VU#221620","refsource":"CERT-VN","tags":["US Government Resource"],"title":"Vulnerability Note VU#221620 - Blue Coat ProxySG local user changes contain a time and state vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-2033","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2033","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"6.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"6.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"5.5.11.3","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"6.1.6.3","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"6.2.15.3","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2033","vulnerable":"1","versionEndIncluding":"6.4.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"proxysgos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-2033","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#221620","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/221620"},{"name":"https://kb.bluecoat.com/index?page=content&id=SA77","refsource":"CONFIRM","url":"https://kb.bluecoat.com/index?page=content&id=SA77"}]}},"nvd":{"publishedDate":"2014-03-02 17:55:00","lastModifiedDate":"2018-12-12 16:59:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:C/I:C/A:C","accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.9},"severity":"HIGH","exploitabilityScore":5.5,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:bluecoat:proxysgos:6.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndIncluding":"5.5.11.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndIncluding":"6.1.6.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndIncluding":"6.2.15.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndIncluding":"6.4.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.5.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"2033","Ordinal":"68914","Title":"CVE-2014-2033","CVE":"CVE-2014-2033","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"2033","Ordinal":"1","NoteData":"The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"2033","Ordinal":"2","NoteData":"2014-03-02","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"2033","Ordinal":"3","NoteData":"2014-03-02","Type":"Other","Title":"Modified"}]}}}