Vulnerability CVE-2014-0348


Published: 2014-04-15

Description:
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding username on a Windows client machine.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Ontariosystems -> Artiva architect 
Ontariosystems -> Artiva healthcare 
Ontariosystems -> Artiva rm 
Ontariosystems -> Artiva workstation 

 References:
http://www.kb.cert.org/vuls/id/215284

Copyright 2024, cxsecurity.com

 

Back to Top