Lucene search

[email protected]NVD:CVE-2004-1228

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1228

2005-01-1005:00:00

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.3%

JSON

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

Affected configurations

NVD

Node

sugarcrmsugar_salesRange≤2.0.1c

References

marc.info/?l=bugtraq&m=110295433323795&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/18449

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for NVD:CVE-2004-1228

cvelist1 cve1