PT-2010-4680 · Blackboard · Blackboard Transact Suite

John Fisher

Published

2010-09-07

Updated

2010-09-08

CVE-2010-3244

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Blackboard Transact Suite versions prior to 3.6.0.2

Description The issue allows local users to discover the database password by modifying the connection.xml file. This is due to BbtsConnection Edit.exe relying on field names when determining whether to decrypt a connection.xml field value.

Recommendations For versions prior to 3.6.0.2, update to version 3.6.0.2 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-3244

Affected Products

Blackboard Transact Suite

PT-2010-4680 · Blackboard · Blackboard Transact Suite

CVE-2010-3244

Weakness Enumeration

Related Identifiers

Affected Products

References · 4