CVE Vulnerabilities

CVE-2014-1217

Published: Apr 28, 2014 | Modified: Oct 09, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Timeline Livetecs 4.3.1 4.3.1
Timeline Livetecs 3.8.1 3.8.1
Timeline Livetecs 7.1.1 7.1.1
Timeline Livetecs 4.9.1 4.9.1
Timeline Livetecs 5.2.1 5.2.1
Timeline Livetecs 6.2.4 6.2.4
Timeline Livetecs 3.5.1 3.5.1
Timeline Livetecs 3.6.1 3.6.1
Timeline Livetecs 6.2.3 6.2.3
Timeline Livetecs 3.7.1 3.7.1
Timeline Livetecs 3.0.1 3.0.1
Timeline Livetecs 6.2.6 6.2.6
Timeline Livetecs 4.2.1 4.2.1
Timeline Livetecs 2.81 2.81
Timeline Livetecs 2.94 2.94
Timeline Livetecs 6.2.71 6.2.71
Timeline Livetecs 3.1.1 3.1.1
Timeline Livetecs 6.2.1 6.2.1
Timeline Livetecs 2.91 2.91
Timeline Livetecs 3.2.1 3.2.1
Timeline Livetecs 6.0.1 6.0.1
Timeline Livetecs 6.2.7 6.2.7
Timeline Livetecs 3.0.3 3.0.3
Timeline Livetecs 3.0.5 3.0.5

References