CyberSec.Space Logo
Back to CVE Browser

CVE-2014-2048

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile14.41th
PublishedMar 26, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.

Affected Platforms (CPE)

πŸ“¦
Owncloud

Owncloud

< 5.0.15

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/91973
πŸ”— https://owncloud.org/security/advisories/insecure-openid-implementation/
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/91973
πŸ”— https://owncloud.org/security/advisories/insecure-openid-implementation/

Related Vulnerabilities

CVE-2015-471610.0

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on...

CVE-2019-253379.8

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulatin...

CVE-2021-359469.8

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and the...

CVE-2014-20529.8

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, ...