Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.9
CVE Id CVE-2006-2719
Last Modified 05 Sep 2008 05:05:15
Published 31 May 2006 09:02:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-2719

Summary

JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.

Vulnerable Systems

Application

  • Jiwa Financials 6.4.14


References

BUGTRAQ - 20060530 Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.

SECUNIA - 20342

FULLDISC - 20060529 Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.

SECTRACK - 1016181

SREASON - 1000


Last Updated: 27 May 2016 10:42:44