CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2603
https://notcve.org/view.php?id=CVE-2012-2603
08 Jun 2012 — The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. El servidor en CollabNet ScrumWorks Pro anteriores a v6.0 permite a usuarios remotos autenticados obtener privilegios y obtener información sensible a través de un cliente de escritorio modificado. • http://www.kb.cert.org/vuls/id/442595 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0410
https://notcve.org/view.php?id=CVE-2011-0410
24 Jan 2011 — CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database. CollabNet ScrumWorks Basic v1.8.4 utiliza las credenciales en texto plano para la comunicación de la red y la base de datos interna, que facilita a los atacantes dependientes de contexto a obtener información sensible medi... • http://osvdb.org/70601 • CWE-310: Cryptographic Issues •