PT-2017-19074 · Cognito · Moneyworks

Aristedes Maniatis · Published 2017-06-26 · Updated 2019-10-03 · CVE-2017-9615

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cognito Software Moneyworks versions 8.0.3 and earlier

Description: The issue allows attackers to gain administrator access to all data. This is because verbose logging writes the administrator password to a world-readable file.

Recommendations: For versions 8.0.3 and earlier, update to a version later than 8.0.3 to prevent password exposure. As a temporary workaround, consider disabling verbose logging until a patch is available.

Fix

Incorrect Permission

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2017-9615

Affected Products

Moneyworks