CVE-2012-2603
https://notcve.org/view.php?id=CVE-2012-2603
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. El servidor en CollabNet ScrumWorks Pro anteriores a v6.0 permite a usuarios remotos autenticados obtener privilegios y obtener información sensible a través de un cliente de escritorio modificado. • http://www.kb.cert.org/vuls/id/442595 http://www.kb.cert.org/vuls/id/MAPG-8RJPJX • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0410
https://notcve.org/view.php?id=CVE-2011-0410
CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database. CollabNet ScrumWorks Basic v1.8.4 utiliza las credenciales en texto plano para la comunicación de la red y la base de datos interna, que facilita a los atacantes dependientes de contexto a obtener información sensible mediante (1) espiando las transmisiones de los objetos Java o (2) lectura de la base de datos • http://osvdb.org/70601 http://osvdb.org/70602 http://secunia.com/advisories/43010 http://www.kb.cert.org/vuls/id/547167 https://exchange.xforce.ibmcloud.com/vulnerabilities/64883 • CWE-310: Cryptographic Issues •