CVE-2012-2173
Published Jun 20, 2012
Last updated 7 years ago
Overview
- Description
- The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-255
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2A8F522-B785-4C9D-B133-D895B8A5D0E2"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66B37DEF-109F-4769-901C-DD8B33DEA054"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FA1883D-1576-43B9-904A-536C0C249112"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6990B7A5-3C72-494B-A512-23E508B71CE4"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56"
}
],
"operator": "OR"
}
]
}
]