Vulnerability Details CVE-2014-8675
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.36
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jul/44
- http://www.securityfocus.com/bid/75726
- https://www.exploit-db.com/exploits/37604/
- http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jul/44
- http://www.securityfocus.com/bid/75726
- https://www.exploit-db.com/exploits/37604/
Products affected by CVE-2014-8675
-
cpe:2.3:a:soplanning:soplanning:-
-
cpe:2.3:a:soplanning:soplanning:0.9
-
cpe:2.3:a:soplanning:soplanning:0.91
-
cpe:2.3:a:soplanning:soplanning:0.92
-
cpe:2.3:a:soplanning:soplanning:0.922
-
cpe:2.3:a:soplanning:soplanning:0.923
-
cpe:2.3:a:soplanning:soplanning:0.924
-
cpe:2.3:a:soplanning:soplanning:0.925
-
cpe:2.3:a:soplanning:soplanning:1.04
-
cpe:2.3:a:soplanning:soplanning:1.05
-
cpe:2.3:a:soplanning:soplanning:1.06
-
cpe:2.3:a:soplanning:soplanning:1.07
-
cpe:2.3:a:soplanning:soplanning:1.08
-
cpe:2.3:a:soplanning:soplanning:1.10
-
cpe:2.3:a:soplanning:soplanning:1.12
-
cpe:2.3:a:soplanning:soplanning:1.13
-
cpe:2.3:a:soplanning:soplanning:1.14
-
cpe:2.3:a:soplanning:soplanning:1.15
-
cpe:2.3:a:soplanning:soplanning:1.16
-
cpe:2.3:a:soplanning:soplanning:1.18
-
cpe:2.3:a:soplanning:soplanning:1.19
-
cpe:2.3:a:soplanning:soplanning:1.20
-
cpe:2.3:a:soplanning:soplanning:1.21
-
cpe:2.3:a:soplanning:soplanning:1.22
-
cpe:2.3:a:soplanning:soplanning:1.23
-
cpe:2.3:a:soplanning:soplanning:1.24
-
cpe:2.3:a:soplanning:soplanning:1.25
-
cpe:2.3:a:soplanning:soplanning:1.26
-
cpe:2.3:a:soplanning:soplanning:1.27
-
cpe:2.3:a:soplanning:soplanning:1.28
-
cpe:2.3:a:soplanning:soplanning:1.29
-
cpe:2.3:a:soplanning:soplanning:1.30
-
cpe:2.3:a:soplanning:soplanning:1.31
-
cpe:2.3:a:soplanning:soplanning:1.32