Lucene search

[email protected]NVD:CVE-2007-4150

HistoryAug 03, 2007 - 8:17 p.m.

CVE-2007-4150

2007-08-0320:17:00

CWE-327

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

47.1%

JSON

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.

Affected configurations

Nvd

Node

visionsoftauditMatch12.4.0.0

VendorProductVersionCPE
visionsoftaudit12.4.0.0cpe:2.3:a:visionsoft:audit:12.4.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
visionsoft	audit	12.4.0.0	cpe:2.3:a:visionsoft:audit:12.4.0.0:::::::*

References

osvdb.org/46979

www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt

www.securityfocus.com/bid/25153

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

47.1%

JSON

Related for NVD:CVE-2007-4150

cvelist1 cve1 prion1 openvas1