ID CVE-2014-0786
Summary Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.
References
Vulnerable Configurations
  • cpe:2.3:a:ecava:integraxor:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4340:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4360:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4369:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4380:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.5.3900.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.5.3900.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.6.4000.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.60.4061:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.71:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.71.4200:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:3.72:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.00:*:*:*:*:*:*:*
  • cpe:2.3:a:ecava:integraxor:4.1.4390:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 01-05-2014 - 16:18)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm http://www.integraxor.com/blog/category/security/vulnerability-note/
misc http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01
Last major update 01-05-2014 - 16:18
Published 01-05-2014 - 01:56
Last modified 01-05-2014 - 16:18