CVE-2014-2233

Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp	Vendor Advisory
http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp	Vendor Advisory
http://www.christian-schneider.net/advisories/CVE-2014-2233.txt
http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp	Vendor Advisory
http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp	Vendor Advisory
http://www.christian-schneider.net/advisories/CVE-2014-2233.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:infoware:mapsuite:1.0.35:::::::*
	cpe:2.3:a:infoware:mapsuite:1.1.48:::::::*

History

No history.

Information

Published : 2014-12-01 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-2233

Mitre link : CVE-2014-2233

CVE.ORG link : CVE-2014-2233

JSON object : View

Products Affected

infoware

mapsuite

CWE

NVD-CWE-Other

{"id": "CVE-2014-2233", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-01T15:59:03.250", "references": [{"url": "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.christian-schneider.net/advisories/CVE-2014-2233.txt", "source": "cve@mitre.org"}, {"url": "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.christian-schneider.net/advisories/CVE-2014-2233.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de SSRF en MapAPI en Infoware MapSuite anterior a 1.0.36 y 1.1.x anterior a 1.1.49 permite a atacantes remotos provocar solicitudes a servidores de intranet a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:infoware:mapsuite:1.0.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8640705E-73F8-4837-969B-072E878D6FA2"}, {"criteria": "cpe:2.3:a:infoware:mapsuite:1.1.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3F888F8-F45F-4EB7-A0CC-80247E783C0E"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/918.html\">CWE-918: Server-Side Request Forgery (SSRF)</a>", "sourceIdentifier": "cve@mitre.org"}