2 matches found
CVE-2012-2603
CVE-2012-2603 affects CollabNet ScrumWorks Pro prior to 6.0. The vulnerability allows remote authenticated users to escalate privileges and access sensitive information by using a modified desktop client; exploitation relies on recompiling the client to bypass normal privilege checks. CollabNet s...
CVE-2011-0410
CVE-2011-0410 affects CollabNet ScrumWorks Basic 1.8.4. The server–client communications transmit credential information in plaintext via unencrypted Java objects, and the internal database may store unencrypted usernames/passwords, enabling credential exposure through network sniffing or databas...