exploitDog

CVE-2010-3244

Опубликовано: 07 сент. 2010

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the field.

Ссылки

http://www.kb.cert.org/vuls/id/204055
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86YPVM
http://www.kb.cert.org/vuls/id/204055
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86YPVM

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blackboard:transact_suite:*:*:*:*:*:*:*:*

Версия до 3.6.0.1 (включая)

EPSS

Процентиль: 37%

0.00155

Низкий

4.6 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-xhqj-mjjw-j4pv

github

больше 3 лет назад

BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field.

EPSS

Процентиль: 37%

0.00155

Низкий

4.6 Medium

CVSS2

Дефекты

CWE-200