Skip to main content

Remote Service Manager CVE-2014-7266

HIGH
Resource Management Errors (CWE-399)
2015-02-01 vultures@jpcert.or.jp
7.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
C

Lifecycle Timeline

1
CVE Published
Feb 01, 2015 - 15:59 cve.org
HIGH 7.8

DescriptionCVE.org

Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983.

AnalysisAI

Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-399. Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983. Affected products include: Cybozu Remote Service Manager. Version information: through 2.3.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-20795 HIGH
8.8 Oct 13

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows

CVE-2014-1983 HIGH
7.8 Apr 19

Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to

CVE-2014-1984 MEDIUM
6.8 Apr 19

Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.

CVE-2021-20804 MEDIUM
6.5 Oct 13

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition

CVE-2021-20801 MEDIUM
6.5 Oct 13

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks

CVE-2021-20796 MEDIUM
6.5 Oct 13

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated

CVE-2021-20807 MEDIUM
6.1 Oct 13

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote atta

CVE-2021-20806 MEDIUM
6.1 Oct 13

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitra

CVE-2021-20805 MEDIUM
5.4 Oct 13

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote auth

CVE-2021-20803 MEDIUM
5.4 Oct 13

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authentica

CVE-2021-20800 MEDIUM
5.4 Oct 13

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated

CVE-2021-20799 MEDIUM
5.4 Oct 13

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote auth

Share

CVE-2014-7266 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy