Lucene search

MitreCVE-2017-9615

HistoryJun 26, 2017 - 7:29 a.m.

CVE-2017-9615

2017-06-2607:29:00

CWE-532

CWE-732

mitre

web.nvd.nist.gov

cognito software

moneyworks

password exposure

administrator access

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

Affected configurations

Nvd

Node

cognitomoneyworksRange≤8.0.3

VendorProductVersionCPE
cognitomoneyworks*cpe:2.3:a:cognito:moneyworks:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cognito	moneyworks	*	cpe:2.3:a:cognito:moneyworks::::::::

References

cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542

gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Related for CVE-2017-9615