Lucene search

PRIOn knowledge basePRION:CVE-2015-3001

HistoryJun 08, 2015 - 2:59 p.m.

Hardcoded credentials

2015-06-0814:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.0%

JSON

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

CPENameOperatorVersion
sysaidle15.1

CPE	Name	Operator	Version
	sysaid	le	15.1

References

packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html

seclists.org/fulldisclosure/2015/Jun/8

www.securityfocus.com/archive/1/535679/100/0/threaded

www.securityfocus.com/bid/75035

www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for PRION:CVE-2015-3001