- Description
- PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-200
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD08E3EF-D249-4A29-A3E7-21BEA641CD84",
"versionEndIncluding": "7.0.1"
},
{
"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FE207C4-6F10-49EA-9FEF-AD567BDB59C6"
},
{
"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:8.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4602A36E-5F5B-4DC9-B556-097F0847F30B"
},
{
"criteria": "cpe:2.3:a:paperthin:commonspot_content_server:8.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6EDBF14-8C62-4E0F-A7A4-E196A9C21EA4"
}
],
"operator": "OR"
}
]
}
]