CVE-2010-3245

The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/204055	US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86YPVM	US Government Resource
http://www.kb.cert.org/vuls/id/204055	US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86YPVM	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:blackboard:transact_suite:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:18

Type	Values Removed	Values Added
References	~~() http://www.kb.cert.org/vuls/id/204055 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/204055 - US Government Resource
References	~~() http://www.kb.cert.org/vuls/id/MAPG-86YPVM - US Government Resource~~	() http://www.kb.cert.org/vuls/id/MAPG-86YPVM - US Government Resource

Information

Published : 2010-09-07 18:00

Updated : 2024-11-21 01:18

NVD link : CVE-2010-3245

Mitre link : CVE-2010-3245

CVE.ORG link : CVE-2010-3245

JSON object : View

Products Affected

blackboard

transact_suite

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2010-3245", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-07T18:00:02.417", "references": [{"url": "http://www.kb.cert.org/vuls/id/204055", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/204055", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file."}, {"lang": "es", "value": "La funcionalidad de backup automatizada en Blackboard Transact Suite (formalmente Blackboard Commerce Suite) almacena el (1) nombre de usuario de la base de datos y (2) contrase\u00f1a de la base de datos en texto claro en archivos de (a) secuencia de comandos (script) y (b) proceso por lotes (.bat), lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un archivo."}], "lastModified": "2024-11-21T01:18:21.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackboard:transact_suite:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82AEFAA6-F5EE-416C-92EE-9B7DAEAC723A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}