Lucene search

[email protected]CVE-2010-3244

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3244

2022-10-0316:20:54

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-3244

blackboard transact suite

local users

database password

security vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field.

Affected configurations

NVD

Node

blackboardtransact_suiteRange≤3.6.0.1

CPENameOperatorVersion
blackboard:transact_suiteblackboard transact suitele3.6.0.1

CPE	Name	Operator	Version
blackboard:transact_suite	blackboard transact suite	le	3.6.0.1

References

www.kb.cert.org/vuls/id/204055

www.kb.cert.org/vuls/id/MAPG-86YPVM

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2010-3244

nvd1 prion1 cvelist1