Main Vulnerability Database SB2014050102

SB2014050102 - Cryptographic issues in Ecava IntegraXor

Published: May 1, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014050102

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2014-0786)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.

Remediation

Install update from vendor's website.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01
http://www.integraxor.com/blog/category/security/vulnerability-note/