CVE-2007-3581 - The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to

CVE-2007-3581

Summary

The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.

References

http://85.10.222.122/mantis/public_show_bug.php?bug_id=452
http://osvdb.org/45754

Vulnerable Configurations

cpe:2.3:a:jedox:palo:1.5:*:*:*:*:*:*:*
cpe:2.3:a:jedox:palo:1.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 15-11-2008 - 06:53)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc	http://85.10.222.122/mantis/public_show_bug.php?bug_id=452
osvdb	45754

Last major update

15-11-2008 - 06:53

Published

05-07-2007 - 20:30

Last modified

15-11-2008 - 06:53