CVE-2014-9045Improper Authentication in Owncloud

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 27.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedFeb 4
Latest updateMay 17

Description

The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud_server23 versions+22
NVDowncloud/owncloud5.0.17

🔴Vulnerability Details

2
GHSA
GHSA-f9m9-635m-g7gh: The FTP backend in user_external in ownCloud Server before 52022-05-17
CVEList
CVE-2014-9045: The FTP backend in user_external in ownCloud Server before 52015-02-04
CVE-2014-9045 — Improper Authentication in Owncloud | cvebase