Lucene search

[email protected]CVE-2002-0487

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0487

2002-08-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

intellisol xpede

cve-2002-0487

password security

plaintext passwords

privilege escalation

7.5 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript “session timeout” re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser’s cache.

CPENameOperatorVersion
workforceroi:xpedeworkforceroi xpedeeq4.1
workforceroi:xpedeworkforceroi xpedeeq7.0

CPE	Name	Operator	Version
workforceroi:xpede	workforceroi xpede	eq	4.1
workforceroi:xpede	workforceroi xpede	eq	7.0

References

www.iss.net/security_center/static/8612.php

www.securityfocus.com/archive/1/263485

www.securityfocus.com/bid/4346

7.5 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON