Vulnerability Details CVE-2014-5375
The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.4%
CVSS Severity
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/128484/Moab-User-Impersonation.html
- http://www.adaptivecomputing.com/security-advisory/
- http://www.securityfocus.com/archive/1/533576/100/0/threaded
- http://www.securityfocus.com/bid/70174
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96698
- http://packetstormsecurity.com/files/128484/Moab-User-Impersonation.html
- http://www.adaptivecomputing.com/security-advisory/
- http://www.securityfocus.com/archive/1/533576/100/0/threaded
- http://www.securityfocus.com/bid/70174
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96698
Products affected by CVE-2014-5375
-
cpe:2.3:a:adaptivecomputing:moab:*
-
cpe:2.3:a:adaptivecomputing:moab:8.0