Default credentials

2022-03-2222:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.

CPENameOperatorVersion
cmdbuildge3.0
cmdbuildle3.3.2

CPE	Name	Operator	Version
	cmdbuild	ge	3.0
	cmdbuild	le	3.3.2

References

www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vulnerability-patch