CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
83.0%
Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a “Clear And Exit” action.
Vendor | Product | Version | CPE |
---|---|---|---|
noah_gray | graymatter | 1.1 | cpe:2.3:a:noah_gray:graymatter:1.1:*:*:*:*:*:*:* |
noah_gray | graymatter | 1.1b | cpe:2.3:a:noah_gray:graymatter:1.1b:*:*:*:*:*:*:* |
noah_gray | graymatter | 1.2b | cpe:2.3:a:noah_gray:graymatter:1.2b:*:*:*:*:*:*:* |
noah_gray | graymatter | 1.21 | cpe:2.3:a:noah_gray:graymatter:1.21:*:*:*:*:*:*:* |