CVE-2014-9045

ownCloud Server <5.0.18, <6.0.6 - Auth Bypass

Title source: llm

Description

The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.

References (1)

[Vendor Advisory] https://owncloud.org/security/advisory/?id=oc-sa-2014-022

Scores

EPSS 0.0070

EPSS Percentile 71.8%

Classification

CWE

CWE-287

Status draft

Affected Products (25)

owncloud/owncloud < 5.0.17

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

owncloud/owncloud_server

... and 10 more

Timeline

Published Feb 04, 2015

Tracked Since Feb 18, 2026