How severe is CVE-2014-8730?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2014-8730?

This is classified as CWE-310, which is a common weakness in software security.

CVE-2014-8730

MEDIUM Year: 2014

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-310

View all →

Vulnerability Description

The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself.

CVE-2021-42001

CRITICAL

CVSS:9.9(Critical)

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successf...

CWE-3102021

CVE-2014-8684

CRITICAL

CVSS:9.8(Critical)

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by levera...

CWE-3102014

CVE-2014-8686

CRITICAL

CVSS:9.8(Critical)

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

CWE-3102014

CVE-2015-8805

CRITICAL

CVSS:9.8(Critical)

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allow...

CWE-3102015

CVE-2015-9107

CRITICAL

CVSS:9.8(Critical)

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or...

CWE-3102015

CVE-2016-0897

CRITICAL

CVSS:9.8(Critical)

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote...

CWE-3102016

CVE-2014-8730

Vulnerability Description

Related Vulnerabilities

CVE-2021-42001

CVE-2014-8684

CVE-2014-8686

CVE-2015-8805

CVE-2015-9107

CVE-2016-0897