Lucene search

[email protected]CVE-2008-4646

HistoryOct 22, 2008 - 12:11 a.m.

CVE-2008-4646

2008-10-2200:11:50

CWE-255

[email protected]

web.nvd.nist.gov

websense

reporter module

websense enterprise

cve-2008-4646

sql database

plaintext

local users

database privileges

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.

Affected configurations

NVD

Node

websenseenterpiseMatch6.3.2

CPENameOperatorVersion
websense:enterpisewebsense enterpiseeq6.3.2

CPE	Name	Operator	Version
websense:enterpise	websense enterpise	eq	6.3.2

References

secunia.com/advisories/32264

www.securityfocus.com/bid/31746

www.securitytracker.com/id?1021058

www.vupen.com/english/advisories/2008/2819

www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-4646

cvelist1 prion1 nvd1