Описание
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.14 (включая)
cpe:2.3:a:jiwa:financials:*:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00115
Низкий
4.9 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
EPSS
Процентиль: 31%
0.00115
Низкий
4.9 Medium
CVSS2
Дефекты
NVD-CWE-Other