Lucene search

[email protected]CVE-2008-6955

HistoryAug 12, 2009 - 10:30 a.m.

CVE-2008-6955

2009-08-1210:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-6955

mxcamarchive

sensitive information

access control

remote attackers

configuration details

passwords

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.4%

JSON

mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini.

Affected configurations

NVD

Node

infirealmxcamarchiveMatch2.2

CPENameOperatorVersion
infireal:mxcamarchiveinfireal mxcamarchiveeq2.2

CPE	Name	Operator	Version
infireal:mxcamarchive	infireal mxcamarchive	eq	2.2

References

osvdb.org/49886

secunia.com/advisories/32751

www.securityfocus.com/bid/32324

exchange.xforce.ibmcloud.com/vulnerabilities/46647

www.exploit-db.com/exploits/7136

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for CVE-2008-6955

prion1 nvd1 cvelist1