Vulnerabilities > Netsweeper > Netsweeper > 4.0.3

DATE CVE VULNERABILITY TITLE RISK
2017-09-19 CVE-2014-9616 Information Exposure vulnerability in Netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.
network
low complexity
netsweeper CWE-200
5.0
5.0
2017-09-19 CVE-2014-9611 Improper Authentication vulnerability in Netsweeper
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
network
low complexity
netsweeper CWE-287
7.5
7.5
2017-09-19 CVE-2014-9610 Permissions, Privileges, and Access Controls vulnerability in Netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
network
low complexity
netsweeper CWE-264
5.0
5.0
2015-09-04 CVE-2014-9605 Improper Authentication vulnerability in Netsweeper
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php.
network
low complexity
netsweeper CWE-287
critical
 9.4
9.4