CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-3244

BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.0%

CVSS Severity

CVSS v2 Score 4.6

References

http://www.kb.cert.org/vuls/id/204055
http://www.kb.cert.org/vuls/id/MAPG-86YPVM
http://www.kb.cert.org/vuls/id/204055
http://www.kb.cert.org/vuls/id/MAPG-86YPVM

Products affected by CVE-2010-3244

Blackboard » Transact Suite » Version: N/A

cpe:2.3:a:blackboard:transact_suite:-
Blackboard » Transact Suite » Version: 3.6.0.1

cpe:2.3:a:blackboard:transact_suite:3.6.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-3244

Products

Pricing

Contact Us