Home > Vulnerability Database > CVE-2017-14337

Mend.io Vulnerability Database

CVE-2017-14337

Date: September 12, 2017

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.

Language: PHP

Severity Score

8.1

Related Resources (4)

Url: https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9

Url: https://www.circl.lu/advisory/CVE-2017-14337/

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-14337

Url: https://www.mend.io/vulnerability-database/CVE-2017-14337

Severity Score

8.1

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-14337

Date: September 12, 2017

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?