Lucene search

[email protected]CVE-2006-4615

HistorySep 07, 2006 - 12:04 a.m.

CVE-2006-4615

2006-09-0700:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4615

shape services

im+

mobile instant messenger

pocket pc

plaintext

sensitive information

file reading

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file.

Affected configurations

NVD

Node

shape_servicesim\+_mobile_instant_messengerMatch3.10_for_pocket_pc

CPENameOperatorVersion
shape_services:im\+_mobile_instant_messengershape services im+ mobile instant messengereq3.10_for_pocket_pc

CPE	Name	Operator	Version
shape_services:im\+_mobile_instant_messenger	shape services im+ mobile instant messenger	eq	3.10_for_pocket_pc

References

airscanner.com/security/05081701_implus.htm

securityreason.com/securityalert/1518

www.securityfocus.com/archive/1/445082/100/0/threaded

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-4615

cvelist1 nvd1