Lucene search

[email protected]CVE-2006-2718

HistoryJun 01, 2006 - 1:02 a.m.

CVE-2006-2718

2006-06-0101:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2718

jiwa financials

sql server

crystal reports

stored procedures

remote access

authentication

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.2%

JSON

JIWA Financials 6.4.14 passes a Microsoft SQL Server account’s username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.

Affected configurations

NVD

Node

jiwafinancialsMatch6.4.14

CPENameOperatorVersion
jiwa:financialsjiwa financialseq6.4.14

CPE	Name	Operator	Version
jiwa:financials	jiwa financials	eq	6.4.14

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/046398.html

secunia.com/advisories/20342

securityreason.com/securityalert/1000

securitytracker.com/id?1016181

www.securityfocus.com/archive/1/435352/100/0/threaded

www.securityfocus.com/archive/1/435730/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26756

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2006-2718

cvelist1 nvd1 prion1