CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2227

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.036

EPSS Ranking 87.2%

CVSS Severity

CVSS v2 Score 6.0

References

http://seclists.org/fulldisclosure/2014/Jul/128
http://sethsec.blogspot.com/2014/07/cve-2014-2227.html
http://www.securityfocus.com/bid/68866
http://seclists.org/fulldisclosure/2014/Jul/128
http://sethsec.blogspot.com/2014/07/cve-2014-2227.html
http://www.securityfocus.com/bid/68866

Products affected by CVE-2014-2227

Ui » Unifi Video » Version: 2.1.3

cpe:2.3:a:ui:unifi_video:2.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2227

Products

Pricing

Contact Us