CVE-2014-1930

EUVD-2014-1988
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
visibility_softwarecyber_recruiter
𝑥
≤ 8.0
visibility_softwarecyber_recruiter
6.2
visibility_softwarecyber_recruiter
6.4
visibility_softwarecyber_recruiter
6.6
visibility_softwarecyber_recruiter
6.8
visibility_softwarecyber_recruiter
7.0
visibility_softwarecyber_recruiter
7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/vu/JVNVU97441356/index.html
http://osvdb.org/102814
http://osvdb.org/102815
http://www.kb.cert.org/vuls/id/566894
http://www.securityfocus.com/bid/65305
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details
http://jvn.jp/vu/JVNVU97441356/index.html
http://osvdb.org/102814
http://osvdb.org/102815
http://www.kb.cert.org/vuls/id/566894
http://www.securityfocus.com/bid/65305
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details