Back to search
CVE-2014-2227
Published: Jul 25, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20140724 CVE-2014-2227: Ubiquiti Networks - AirVision v2.1.3 - Overly Permissive default crossdomain.xml
mailing-list
x_refsource_FULLDISC
http://sethsec.blogspot.com/2014/07/cve-2014-2227.html
x_refsource_MISC
68866
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now