CVE-2014-8437
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
11/11/2014
Last modified:
12/04/2025
Description
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 13.0 (including) | 13.0.0.252 (excluding) |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 14.0 (including) | 14.0.0.179 (including) |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 15.0 (including) | 15.0.0.223 (excluding) |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 11.0 (including) | 11.2.202.418 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* | 15.0.0.356 (including) | |
| cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* | 15.0.0.356 (including) | |
| cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* | 15.0.0.356 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
- http://www.securityfocus.com/bid/71036
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98628
- http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
- http://www.securityfocus.com/bid/71036
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98628