Lucene search

[email protected]CVE-2007-3146

HistoryJun 11, 2007 - 6:30 p.m.

CVE-2007-3146

2007-06-1118:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3146

zen help desk

sensitive information

web root

access control

remote attackers

database

password

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb.

CPENameOperatorVersion
zen_help_desk_software:zen_help_deskzen help desk software zen help deskeq2.1

CPE	Name	Operator	Version
zen_help_desk_software:zen_help_desk	zen help desk software zen help desk	eq	2.1

References

osvdb.org/39231

securityreason.com/securityalert/2788

www.securityfocus.com/archive/1/470803/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/34770

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2007-3146

prion1