Vulnerability Details CVE-2017-14322
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.233
EPSS Ranking 95.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://seclists.org/fulldisclosure/2017/Oct/39
- https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html
- https://www.exploit-db.com/exploits/44513/
- http://seclists.org/fulldisclosure/2017/Oct/39
- https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html
- https://www.exploit-db.com/exploits/44513/
Products affected by CVE-2017-14322
-
cpe:2.3:a:interspire:email_marketer:5.0.10
-
cpe:2.3:a:interspire:email_marketer:5.0.11
-
cpe:2.3:a:interspire:email_marketer:5.0.13
-
cpe:2.3:a:interspire:email_marketer:5.0.14
-
cpe:2.3:a:interspire:email_marketer:5.0.9
-
cpe:2.3:a:interspire:email_marketer:5.5.10
-
cpe:2.3:a:interspire:email_marketer:5.5.11
-
cpe:2.3:a:interspire:email_marketer:5.5.2
-
cpe:2.3:a:interspire:email_marketer:5.5.3
-
cpe:2.3:a:interspire:email_marketer:5.5.4
-
cpe:2.3:a:interspire:email_marketer:5.5.5
-
cpe:2.3:a:interspire:email_marketer:5.5.6
-
cpe:2.3:a:interspire:email_marketer:5.5.7
-
cpe:2.3:a:interspire:email_marketer:5.5.8
-
cpe:2.3:a:interspire:email_marketer:5.5.9
-
cpe:2.3:a:interspire:email_marketer:5.6.0
-
cpe:2.3:a:interspire:email_marketer:5.6.1
-
cpe:2.3:a:interspire:email_marketer:5.6.2
-
cpe:2.3:a:interspire:email_marketer:5.6.3
-
cpe:2.3:a:interspire:email_marketer:5.6.4
-
cpe:2.3:a:interspire:email_marketer:5.6.5
-
cpe:2.3:a:interspire:email_marketer:5.6.6
-
cpe:2.3:a:interspire:email_marketer:5.6.7
-
cpe:2.3:a:interspire:email_marketer:5.7.0
-
cpe:2.3:a:interspire:email_marketer:5.7.1
-
cpe:2.3:a:interspire:email_marketer:6.0.0
-
cpe:2.3:a:interspire:email_marketer:6.0.1
-
cpe:2.3:a:interspire:email_marketer:6.1.0
-
cpe:2.3:a:interspire:email_marketer:6.1.1
-
cpe:2.3:a:interspire:email_marketer:6.1.2
-
cpe:2.3:a:interspire:email_marketer:6.1.3
-
cpe:2.3:a:interspire:email_marketer:6.1.4
-
cpe:2.3:a:interspire:email_marketer:6.1.5