PT-2011-2330 · Collabnet · Collabnet Scrumworks Basic

David Elze · Published 2011-01-24 · Updated 2017-08-17 · CVE-2011-0410

CVSS v2.0

5.0 Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CollabNet ScrumWorks Basic version 1.8.4

Description

The issue allows context-dependent attackers to obtain sensitive information. This can be achieved by either sniffing the network for transmissions of Java objects or reading the database, as the software uses cleartext credentials for network communication and the internal database.

Recommendations

For CollabNet ScrumWorks Basic version 1.8.4, consider restricting access to the database and network transmissions to minimize the risk of exploitation. As a temporary workaround, restrict the use of cleartext credentials in network communication and the internal database until a more secure method is implemented.

Related Identifiers

CVE-2011-0410

Affected Products

Collabnet Scrumworks Basic