Sign-up

ID

VAR-201402-0268


CVE

CVE-2014-0330


TITLE

Dell KACE K1000 management appliance contains a cross-site scripting vulnerability

Trust: 0.8

sources: CERT/CC: VU#813382

DESCRIPTION

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter. (CWE-79). Dell Provided by KACE K1000 Contains a cross-site scripting vulnerability. FlatNuke is a web content management system (CMS) based on text files. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may cause the attacker to steal cookie-based authentication and launch other attacks. There are vulnerabilities in FlatNuke version 3.1.2, other versions may also be affected. Dell KACE K1000 is a set of IT equipment management solutions in the KACE system management series of Dell (Dell). This solution provides functions such as software distribution, configuration management, patch installation, and security vulnerability remediation. The vulnerability is caused by the fact that the adminui/user_list.php page does not sufficiently filter the 'LABEL_ID' parameter

Trust: 3.51

sources: NVD: CVE-2014-0330 // CERT/CC: VU#813382 // JVNDB: JVNDB-2014-001310 // CNNVD: CNNVD-201402-361 // BID: 65333 // BID: 65309 // VULHUB: VHN-67823

AFFECTED PRODUCTS

vendor:dellmodel:kace k1000 systems management appliance softwarescope:eqversion:5.5.90545

Trust: 1.6

vendor:dellmodel:kace k1000 systems management appliancescope:eqversion: -

Trust: 1.0

vendor:dell computermodel: - scope: - version: -

Trust: 0.8

vendor:dellmodel:kace k1000 systems management appliancescope: - version: -

Trust: 0.8

vendor:dellmodel:kace k1000 systems management appliance softwarescope:lteversion:version 5.5.90545

Trust: 0.8

vendor:flatnukemodel:flatnukescope:eqversion:3.1.2

Trust: 0.3

vendor:flatnukemodel:flatnukescope:neversion:3.1.3

Trust: 0.3

sources: CERT/CC: VU#813382 // BID: 65309 // JVNDB: JVNDB-2014-001310 // CNNVD: CNNVD-201402-082 // NVD: CVE-2014-0330

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-0330
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2014-0330
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201402-082
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67823
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0330
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2014-0330
severity: MEDIUM
baseScore: 4.3
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-67823
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#813382 // VULHUB: VHN-67823 // JVNDB: JVNDB-2014-001310 // CNNVD: CNNVD-201402-082 // NVD: CVE-2014-0330

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 2.7

sources: CERT/CC: VU#813382 // VULHUB: VHN-67823 // JVNDB: JVNDB-2014-001310 // NVD: CVE-2014-0330

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201402-361 // CNNVD: CNNVD-201402-082

TYPE

XSS

Trust: 1.2

sources: CNNVD: CNNVD-201402-361 // CNNVD: CNNVD-201402-082

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001310

PATCH
title:Dell KACE K1000 Systems Management Applianceurl:http://www.kace.com/jp/products/systems-management-appliance
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001310

EXTERNAL IDS
db:CERT/CCid:VU#813382
Trust: 3.9
db:NVDid:CVE-2014-0330
Trust: 2.8
db:BIDid:65333
Trust: 1.4
db:OSVDBid:102855
Trust: 1.1
db:BIDid:65309
Trust: 0.9
db:JVNid:JVNVU95114228
Trust: 0.8
db:JVNDBid:JVNDB-2014-001310
Trust: 0.8
db:CNNVDid:CNNVD-201402-082
Trust: 0.7
db:CNNVDid:CNNVD-201402-361
Trust: 0.6
db:VULHUBid:VHN-67823
Trust: 0.1
sources:
            
            
            CERT/CC: VU#813382 // 
            
            
            
            VULHUB: VHN-67823 // 
            
            
            
            BID: 65333 // 
            
            
            
            BID: 65309 // 
            
            
            
            JVNDB: JVNDB-2014-001310 // 
            
            
            
            CNNVD: CNNVD-201402-361 // 
            
            
            
            CNNVD: CNNVD-201402-082 // 
            
            
            
            NVD: CVE-2014-0330

REFERENCES
url:http://www.kb.cert.org/vuls/id/813382
Trust: 3.1
url:http://www.kace.com/support/resources/kb/solutiondetail?sol=sol120154
Trust: 1.6
url:http://www.kace.com/products/systems-management-appliance
Trust: 1.4
url:http://www.securityfocus.com/bid/65333
Trust: 1.1
url:http://osvdb.org/102855
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90954
Trust: 1.1
url:http://cwe.mitre.org/data/definitions/79.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0330
Trust: 0.8
url:http://jvn.jp/vu/jvnvu95114228/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0330
Trust: 0.8
url:http://www.securityfocus.com/bid/65309
Trust: 0.6
url:http://flatnuke.netsons.org/index.php?action=viewnews&news=1387985445
Trust: 0.3
sources:
            
            
            CERT/CC: VU#813382 // 
            
            
            
            VULHUB: VHN-67823 // 
            
            
            
            BID: 65333 // 
            
            
            
            BID: 65309 // 
            
            
            
            JVNDB: JVNDB-2014-001310 // 
            
            
            
            CNNVD: CNNVD-201402-361 // 
            
            
            
            CNNVD: CNNVD-201402-082 // 
            
            
            
            NVD: CVE-2014-0330

CREDITS
Canberk Bolat.
Trust: 0.9
sources:
            
            
            BID: 65309 // 
            
            
            
            CNNVD: CNNVD-201402-361

SOURCES
db:CERT/CCid:VU#813382
db:VULHUBid:VHN-67823
db:BIDid:65333
db:BIDid:65309
db:JVNDBid:JVNDB-2014-001310
db:CNNVDid:CNNVD-201402-361
db:CNNVDid:CNNVD-201402-082
db:NVDid:CVE-2014-0330

LAST UPDATE DATE
2025-04-11T23:15:23.235000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#813382date:2014-02-11T00:00:00
db:VULHUBid:VHN-67823date:2018-01-03T00:00:00
db:BIDid:65333date:2014-02-04T00:00:00
db:BIDid:65309date:2014-01-29T00:00:00
db:JVNDBid:JVNDB-2014-001310date:2014-02-10T00:00:00
db:CNNVDid:CNNVD-201402-361date:2014-02-26T00:00:00
db:CNNVDid:CNNVD-201402-082date:2014-02-11T00:00:00
db:NVDid:CVE-2014-0330date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#813382date:2014-02-04T00:00:00
db:VULHUBid:VHN-67823date:2014-02-06T00:00:00
db:BIDid:65333date:2014-02-04T00:00:00
db:BIDid:65309date:2014-01-29T00:00:00
db:JVNDBid:JVNDB-2014-001310date:2014-02-06T00:00:00
db:CNNVDid:CNNVD-201402-361date:2014-01-29T00:00:00
db:CNNVDid:CNNVD-201402-082date:2014-02-11T00:00:00
db:NVDid:CVE-2014-0330date:2014-02-06T23:55:03.993