{"api_version":"1","generated_at":"2026-04-23T09:04:11+00:00","cve":"CVE-2017-14322","urls":{"html":"https://cve.report/CVE-2017-14322","api":"https://cve.report/api/cve/CVE-2017-14322.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-14322","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-14322"},"summary":{"title":"CVE-2017-14322","description":"The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-10-18 18:29:00","updated_at":"2019-05-10 17:49:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html","name":"https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html","refsource":"MISC","tags":["Broken Link"],"title":"Narrative of an incident response – From compromise to the publication of the weakness - Infoteam SA","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/44513/","name":"44513","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass - PHP webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2017/Oct/39","name":"20171017 [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass","refsource":"FULLDISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-14322","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14322","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"14322","vulnerable":"1","versionEndIncluding":"6.1.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"interspire","cpe5":"email_marketer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-14322","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"44513","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/44513/"},{"name":"20171017 [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2017/Oct/39"},{"name":"https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html","refsource":"MISC","url":"https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html"}]}},"nvd":{"publishedDate":"2017-10-18 18:29:00","lastModifiedDate":"2019-05-10 17:49:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:*","versionEndIncluding":"6.1.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"14322","Ordinal":"111753","Title":"CVE-2017-14322","CVE":"CVE-2017-14322","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"14322","Ordinal":"1","NoteData":"The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"14322","Ordinal":"2","NoteData":"2017-10-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"14322","Ordinal":"3","NoteData":"2018-04-26","Type":"Other","Title":"Modified"}]}}}