Lucene search

[email protected]CVE-2010-0124

HistoryMar 15, 2010 - 1:28 p.m.

CVE-2010-0124

2010-03-1513:28:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2010-0124

timeclock software

database security

mysqldump

sensitive information disclosure

nvd

6.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

CPENameOperatorVersion
timeclock-software:employee_timeclock_softwaretimeclock-software employee timeclock softwareeq0.99

CPE	Name	Operator	Version
timeclock-software:employee_timeclock_software	timeclock-software employee timeclock software	eq	0.99

References

secunia.com/advisories/38739

secunia.com/secunia_research/2010-12/

www.osvdb.org/62830

www.securityfocus.com/archive/1/509996/100/0/threaded

www.securityfocus.com/bid/38642

exchange.xforce.ibmcloud.com/vulnerabilities/56800

6.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2010-0124

prion1 securityvulns2