CVE: CVE-2001-1464 - CVE-Search

CVE Details for CVE: CVE-2001-1464

Summary

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.

Timestamps
Last major update	11-07-2017 - 01:29
Published	10-01-2001 - 05:00
Last modified	11-07-2017 - 01:29

References

http://www.kb.cert.org/vuls/id/403307
https://exchange.xforce.ibmcloud.com/vulnerabilities/7928

Vulnerable Configurations

cpe:2.3:a:businessobjects:crystal_reports:*:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_reports:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

cert-vn	VU#403307
xf	crystalreports-plaintext-auth-info(7928)