CVE-2010-1910

Опубликовано: 12 мая 2010

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.

Ссылки

http://secunia.com/advisories/39740
Vendor Advisory
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/602801
Patch
US Government Resource
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.securityfocus.com/bid/40003
http://secunia.com/advisories/39740
Vendor Advisory
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/602801
Patch
US Government Resource
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.securityfocus.com/bid/40003

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*

cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*

cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*

cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*

cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01102

Низкий

5.1 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-r37f-74v3-cc63

github

больше 3 лет назад