- Description
- EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sybase:easerver:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF9C6A53-8D65-4B4D-88A4-2F43D0823B7C"
},
{
"criteria": "cpe:2.3:a:sybase:easerver:5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7920CE9-8B9D-46BB-AEBC-7C129CB3C8BC"
}
],
"operator": "OR"
}
]
}
]