NVD Vulnerability Detail

CVE-2014-1930

Summary	Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
Publication Date	Feb. 11, 2014, 7:55 a.m.
Registration Date	Jan. 26, 2021, 3:07 p.m.
Last Update	Nov. 21, 2024, 11:05 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:visibility_software:cyber_recruiter:6.2:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter::::::::		8.0
cpe:2.3:a:visibility_software:cyber_recruiter:6.4:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:7.2:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:6.6:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:7.0:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:6.8:::::::*

Related information, measures and tools

No	URL	タグ
1	http://jvn.jp/vu/JVNVU97441356/index.html
2	http://jvn.jp/vu/JVNVU97441356/index.html
3	http://osvdb.org/102814
4	http://osvdb.org/102814
5	http://osvdb.org/102815
6	http://osvdb.org/102815
7	http://www.kb.cert.org/vuls/id/566894	US Government Resource
8	http://www.kb.cert.org/vuls/id/566894	US Government Resource
9	http://www.securityfocus.com/bid/65305
10	http://www.securityfocus.com/bid/65305
11	http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details	Vendor Advisory
12	http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

JVN Vulnerability Information

Visibility Software Cyber Recruiter に認証回避の脆弱性

Title	Visibility Software Cyber Recruiter に認証回避の脆弱性
Summary	Visibility Software が提供する Cyber Recruiter には、認証回避 (CWE-305) の脆弱性が存在します。 CWE-305: Authentication Bypass by Primary Weakness http://cwe.mitre.org/data/definitions/305.html
Possible impacts	遠隔の第三者によって、AppSelfService.aspx および AgencyPortal.aspx から保護された情報を閲覧される可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。
Publication Date	Feb. 3, 2014, midnight
Registration Date	Feb. 5, 2014, 4:08 p.m.
Last Update	Feb. 12, 2014, 5:24 p.m.

Affected System

Visibility Software

Cyber Recruiter 8.1.00 より前のバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-1930	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1930
National Vulnerability Database (NVD)
2	CVE-2014-1930	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1930

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html
2	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Visibility Software
1	Cyber Recruiter - Powered by HelpConsole 2010	http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details

その他

Change Log

No	Changed Details	Date of change
0	[2014年02月05日] 掲載 [2014年02月12日] CWE による脆弱性タイプ一覧：内容を更新共通脆弱性識別子(CVE)：CVE-ID を追加参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2014-1930) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:visibility_software:cyber_recruiter:6.2:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter::::::::		8.0
cpe:2.3:a:visibility_software:cyber_recruiter:6.4:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:7.2:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:6.6:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:7.0:::::::*
cpe:2.3:a:visibility_software:cyber_recruiter:6.8:::::::*