Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
References
Link | Resource |
---|---|
http://securitytracker.com/id?1022204 | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/503434/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/34911 | Broken Link Third Party Advisory VDB Entry |
http://www.syhunt.com/advisories/?id=aas-multiple | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50590 | Third Party Advisory VDB Entry |
Configurations
History
14 Feb 2024, 15:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (BID) http://www.securityfocus.com/bid/34911 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.syhunt.com/advisories/?id=aas-multiple - Broken Link | |
References | (SECTRACK) http://securitytracker.com/id?1022204 - Broken Link, Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/503434/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/50590 - Third Party Advisory, VDB Entry | |
CWE | CWE-312 |
Information
Published : 2009-05-14 17:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1466
Mitre link : CVE-2009-1466
CVE.ORG link : CVE-2009-1466
JSON object : View
Products Affected
klinzmann
- application_access_server
CWE
CWE-312
Cleartext Storage of Sensitive Information