exploitDog

CVE-2017-9615

Опубликовано: 26 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

Ссылки

http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542
Vendor Advisory
https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30
Third Party Advisory
Vendor Advisory
http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542
Vendor Advisory
https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30
Third Party Advisory
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cognito:moneyworks:*:*:*:*:*:*:*:*

Версия до 8.0.3 (включая)

EPSS

Процентиль: 51%

0.00281

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-f8cc-p734-ww7f

CVSS3: 9.8

github

больше 3 лет назад

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

EPSS

Процентиль: 51%

0.00281

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532