Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2539

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2006-2539
Last Modified 07 Mar 2011 09:36:28
Published 22 May 2006 07:10:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2006-2539

Summary

Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.

Vulnerable Systems

Application

  • Sybase Easerver 5.0

  • Sybase Easerver 5.2

  • Sybase Easerver 5.3


References

CONFIRM - http://www.sybase.com/detail?id=1040665

BID - 18036

SECUNIA - 20145

XF - sybase-easerver-jpasswordfield-obtain-info(26567)

VUPEN - ADV-2006-1869


Last Updated: 27 May 2016 10:42:40