CVE-2006-2539

Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:S/C:P/I:P/A:P

Exploitability : 1.5 / Impact : 6.4

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.sybase.com/detail?id=1040665	Patch
http://www.securityfocus.com/bid/18036	Patch
http://secunia.com/advisories/20145	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/1869
https://exchange.xforce.ibmcloud.com/vulnerabilities/26567

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sybase:easerver:5.3:::::::*
	cpe:2.3:a:sybase:easerver:5.0:::::::*
	cpe:2.3:a:sybase:easerver:5.2:::::::*

Information

Published : 2006-05-22 16:10

Updated : 2017-07-19 18:31

NVD link : CVE-2006-2539

Mitre link : CVE-2006-2539

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

sybase

easerver

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.sybase.com/detail?id=1040665", "name": "http://www.sybase.com/detail?id=1040665", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/18036", "name": "18036", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20145", "name": "20145", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/1869", "name": "ADV-2006-1869", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26567", "name": "sybase-easerver-jpasswordfield-obtain-info(26567)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2539", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.5, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-05-22T23:10Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sybase:easerver:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sybase:easerver:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sybase:easerver:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:31Z"}