- Description
- Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aenovo:aenovo:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0CA4376-FB7C-4FB3-AF36-E28907CB6A46"
},
{
"criteria": "cpe:2.3:a:aenovo:aenovoshop:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E84793B-F90B-440D-B6DD-4F9F1D4EC431"
},
{
"criteria": "cpe:2.3:a:aenovo:aenovowysi:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A66F6D79-0C97-4458-921C-48AECE03973A"
}
],
"operator": "OR"
}
]
}
]