exploitDog

CVE-2015-1608

Опубликовано: 16 фев. 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors.

Ссылки

http://www.kb.cert.org/vuls/id/669156
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-9RUTH4
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/72518
http://www.kb.cert.org/vuls/id/669156
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-9RUTH4
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/72518

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:topline_systems:opportunity_form:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00868

Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-4gp2-86m5-2qx6

github

больше 3 лет назад

Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors.

EPSS

Процентиль: 75%

0.00868

Низкий

4 Medium

CVSS2

Дефекты

CWE-264