{"api_version":"1","generated_at":"2026-05-05T10:22:25+00:00","cve":"CVE-2014-5138","urls":{"html":"https://cve.report/CVE-2014-5138","api":"https://cve.report/api/cve/CVE-2014-5138.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-5138","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-5138"},"summary":{"title":"CVE-2014-5138","description":"Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-01-14 16:15:00","updated_at":"2020-01-21 16:20:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html","name":"https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"Sierra Library Services Platform 1.2_3 XSS / Enumeration ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-5138","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5138","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"5138","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iii","cpe5":"sierra","cpe6":"1.2_3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"5138","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iii","cpe5":"sierra","cpe6":"1.2_3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-5138","STATE":"PUBLIC"},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"references":{"reference_data":[{"refsource":"MISC","name":"https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html","url":"https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html"}]}},"nvd":{"publishedDate":"2020-01-14 16:15:00","lastModifiedDate":"2020-01-21 16:20:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:iii:sierra:1.2_3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"5138","Ordinal":"72119","Title":"CVE-2014-5138","CVE":"CVE-2014-5138","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"5138","Ordinal":"1","NoteData":"Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"5138","Ordinal":"2","NoteData":"2020-01-14","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"5138","Ordinal":"3","NoteData":"2020-01-14","Type":"Other","Title":"Modified"}]}}}