PT-2011-2330 · Collabnet · Collabnet Scrumworks Basic
David Elze · Published 2011-01-24 · Updated 2017-08-17 · CVE-2011-0410
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CollabNet ScrumWorks Basic version 1.8.4
Description
The issue allows context-dependent attackers to obtain sensitive information. This can be achieved by either sniffing the network for transmissions of Java objects or reading the database, as the software uses cleartext credentials for network communication and the internal database.
Recommendations
For CollabNet ScrumWorks Basic version 1.8.4, consider restricting access to the database and network transmissions to minimize the risk of exploitation. As a temporary workaround, restrict the use of cleartext credentials in network communication and the internal database until a more secure method is implemented.
Affected products
Collabnet Scrumworks Basic