Lucene search

[email protected]CVE-2015-3001

HistoryJun 08, 2015 - 2:59 p.m.

CVE-2015-3001

2015-06-0814:59:09

CWE-255

[email protected]

web.nvd.nist.gov

sysaid

help desk

vulnerability

hardcoded password

cve-2015-3001

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.005

Percentile

77.5%

JSON

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

Affected configurations

NVD

Node

sysaidsysaidRange≤15.1

VendorProductVersionCPE
sysaidsysaidcpe:/a:sysaid:sysaid::::

Vendor	Product	Version	CPE
sysaid	sysaid		cpe:/a:sysaid:sysaid::::

References

packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html

seclists.org/fulldisclosure/2015/Jun/8

www.securityfocus.com/archive/1/535679/100/0/threaded

www.securityfocus.com/bid/75035

www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.005

Percentile

77.5%

JSON

Related for CVE-2015-3001

prion1 cvelist1 nvd1 openvas1 exploitpack1 packetstorm1 securityvulns2 zdt1 exploitdb1