CVE-2009-2899
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.
El script en perl monitor en el plugin de base de datos Sybase en SpringSource Hyperic HQ anterior a v4.3 permite a usuarios locales obtener la contraseƱa de la base de datos mediante el listado de procesos y sus argumentos
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-20 CVE Reserved
- 2012-12-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://communities.vmware.com/thread/348773 | X_refsource_misc | |
| https://jira.hyperic.com/browse/HHQ-1031 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.springsource.com/security/CVE-2009-2899 | 2012-12-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Hyperic Hq Search vendor "Vmware" for product "Hyperic Hq" | <= 4.2 Search vendor "Vmware" for product "Hyperic Hq" and version " <= 4.2" | - |
Affected
| ||||||