CVE-2020-10552

{"id": "CVE-2020-10552", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-02-05T20:15:12.777", "references": [{"url": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Psyprax versiones anteriores a 3.2.2. La base de datos Firebird es accesible con el usuario predeterminado sysdba y la contrase\u00f1a masterke despu\u00e9s de la instalaci\u00f3n. Esto permite a cualquier usuario acceder a \u00e9l y leer y modificar el contenido, incluyendo las contrase\u00f1as. Asimismo, los archivos de la base de datos local pueden ser accedidos"}], "lastModified": "2024-11-21T04:55:34.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:psyprax:psyprax:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF504F8-37CA-41C2-8A4A-78CD57197D2C", "versionEndExcluding": "3.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}