Vulnerability Details : CVE-2014-0348
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding username on a Windows client machine.
Vulnerability category: BypassGain privilege
Products affected by CVE-2014-0348
- cpe:2.3:a:ontariosystems:artiva_workstation:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ontariosystems:artiva_rm:3.1:mr7:*:*:*:*:*:*
- cpe:2.3:a:ontariosystems:artiva_healthcare:5.2:mr5:*:*:*:*:*:*
- cpe:2.3:a:ontariosystems:artiva_architect:3.2:mr5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0348
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0348
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2014-0348
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0348
-
http://www.kb.cert.org/vuls/id/215284
VU#215284 - Artiva Agency Single Sign-On (SSO) feature vulnerabilityUS Government Resource
Jump to