CVE-2015-0517

Sažetak

The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.

Reference

http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html
http://www.securityfocus.com/bid/72501
http://www.securitytracker.com/id/1031693
https://exchange.xforce.ibmcloud.com/vulnerabilities/100874

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

14-02-2015 - 15:59