CVE-2010-3245

Published Sep 7, 2010

Last updated 12 years ago

Overview

Description: The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:blackboard:transact_suite:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82AEFAA6-F5EE-416C-92EE-9B7DAEAC723A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References