Vulnerabilities > Netsweeper > Netsweeper > 4.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2014-9618 | Improper Authentication vulnerability in Netsweeper The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. | 7.5 |
| 2017-09-19 | CVE-2014-9616 | Information Exposure vulnerability in Netsweeper Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. | 5.0 |
| 2017-09-19 | CVE-2014-9611 | Improper Authentication vulnerability in Netsweeper Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | 7.5 |
| 2017-09-19 | CVE-2014-9610 | Permissions, Privileges, and Access Controls vulnerability in Netsweeper Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php. | 5.0 |
| 2015-09-04 | CVE-2014-9605 | Improper Authentication vulnerability in Netsweeper WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. | 9.4 |