CVE-2012-2422

Published Apr 25, 2012

Last updated 7 years ago

Overview

Description: Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.9
Impact score: 2.9
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "406C7E8C-1F81-482D-9E64-7DBFCBCFEEE6"
          },
          {
            "criteria": "cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16920868-86EE-483B-A6F1-383C7D006DF0"
          },
          {
            "criteria": "cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B50F6D01-614E-4FDC-B4BE-4D0D3CEC52D6"
          },
          {
            "criteria": "cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4736C29C-D28D-4116-908B-EE55DD892B41"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References