What is CVE-2014-9624?

CVE-2014-9624 is a high-severity software vulnerability (Improper authentication) with a CVSS score of 7.5. CAPTCHA bypass vulnerability in MantisBT before 1.2.19.

Is CVE-2014-9624 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 3%.

What products does CVE-2014-9624 affect?

Tracked products affected include MantisBT. Check the version you run to see whether it is affected.

How do I fix CVE-2014-9624?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

← All products

CVE-2014-9624

HIGH severity · CVSS 7.5 · Improper authentication

7.5CVSS HIGH

Summary

CAPTCHA bypass vulnerability in MantisBT before 1.2.19.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactHigh

Availability impactNone

Exploit probability (EPSS)3%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products we track (1)

MantisBT

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

NVD record
https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=1.2.19Advisory
https://www.mantisbt.org/bugs/view.php?id=17984Advisory
http://www.openwall.com/lists/oss-security/2015/01/18/11Advisory
http://www.securitytracker.com/id/1031633Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1183593Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100213Advisory