Lucene search

CertccCVE-2013-3593

HistoryOct 03, 2013 - 11:04 a.m.

CVE-2013-3593

2013-10-0311:04:43

CWE-310

certcc

web.nvd.nist.gov

baramundi

management suite

7.5

8.9

cleartext

communication

data storage

remote attackers

sensitive information

network sniffing

file reading

vulnerability

cve-2013-3593

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

71.1%

JSON

Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file.

Affected configurations

Nvd

Node

baramundimanagement_suiteMatch7.5

baramundimanagement_suiteMatch7.6

baramundimanagement_suiteMatch8.0

baramundimanagement_suiteMatch8.1

baramundimanagement_suiteMatch8.2

baramundimanagement_suiteMatch8.3

baramundimanagement_suiteMatch8.5

baramundimanagement_suiteMatch8.6

baramundimanagement_suiteMatch8.7

baramundimanagement_suiteMatch8.8

baramundimanagement_suiteMatch8.9

VendorProductVersionCPE
baramundimanagement_suite7.5cpe:2.3:a:baramundi:management_suite:7.5:*:*:*:*:*:*:*
baramundimanagement_suite7.6cpe:2.3:a:baramundi:management_suite:7.6:*:*:*:*:*:*:*
baramundimanagement_suite8.0cpe:2.3:a:baramundi:management_suite:8.0:*:*:*:*:*:*:*
baramundimanagement_suite8.1cpe:2.3:a:baramundi:management_suite:8.1:*:*:*:*:*:*:*
baramundimanagement_suite8.2cpe:2.3:a:baramundi:management_suite:8.2:*:*:*:*:*:*:*
baramundimanagement_suite8.3cpe:2.3:a:baramundi:management_suite:8.3:*:*:*:*:*:*:*
baramundimanagement_suite8.5cpe:2.3:a:baramundi:management_suite:8.5:*:*:*:*:*:*:*
baramundimanagement_suite8.6cpe:2.3:a:baramundi:management_suite:8.6:*:*:*:*:*:*:*
baramundimanagement_suite8.7cpe:2.3:a:baramundi:management_suite:8.7:*:*:*:*:*:*:*
baramundimanagement_suite8.8cpe:2.3:a:baramundi:management_suite:8.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baramundi	management_suite	7.5	cpe:2.3:a:baramundi:management_suite:7.5:::::::*
baramundi	management_suite	7.6	cpe:2.3:a:baramundi:management_suite:7.6:::::::*
baramundi	management_suite	8.0	cpe:2.3:a:baramundi:management_suite:8.0:::::::*
baramundi	management_suite	8.1	cpe:2.3:a:baramundi:management_suite:8.1:::::::*
baramundi	management_suite	8.2	cpe:2.3:a:baramundi:management_suite:8.2:::::::*
baramundi	management_suite	8.3	cpe:2.3:a:baramundi:management_suite:8.3:::::::*
baramundi	management_suite	8.5	cpe:2.3:a:baramundi:management_suite:8.5:::::::*
baramundi	management_suite	8.6	cpe:2.3:a:baramundi:management_suite:8.6:::::::*
baramundi	management_suite	8.7	cpe:2.3:a:baramundi:management_suite:8.7:::::::*
baramundi	management_suite	8.8	cpe:2.3:a:baramundi:management_suite:8.8:::::::*

Rows per page:

1-10 of 111

References

www.kb.cert.org/vuls/id/392654

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

71.1%

JSON

Related for CVE-2013-3593