NVD

Id
14658  
Name
CVE-2010-3244  
Description
BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field.  
Reject
 
CVSS Version
2  
CVSS Score
4.6  
Severity
Medium  
CVSS Base Score
4.6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-09-07  
Modified Date
2010-09-08  
Seq
2010-3244  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
81178 14658 CVE-2010-3244 VU#204055  View
81179 14658 CVE-2010-3244 http://www.kb.cert.org/vuls/id/MAPG-86YPVM  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
37248 JVNDB-2010-003033 Blackboard Transact Suite におけるデータベースのパスワードを発見される脆弱性 Blackboard Transact Suite の BbtsConnection_Edit.exe には、connection.xml のフィールド値を解読するかを判定する際に、フィールド名に依存するため、データベースのパスワードを発見される脆弱性が存在します。 CVE-2010-3244 45824 CVE-2010-3244 14658 4.6 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003033.html 2010-09-07 2012-03-27 View