Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.
References
Link | Resource |
---|---|
http://www.integraxor.com/blog/category/security/vulnerability-note/ | Vendor Advisory |
http://www.integraxor.com/blog/category/security/vulnerability-note/ | Vendor Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-14-091-01 | |
http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01 | Patch US Government Resource |
http://www.integraxor.com/blog/category/security/vulnerability-note/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Sep 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : unknown |
CWE | CWE-200 |
21 Nov 2024, 02:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01 - Patch, US Government Resource | |
References | () http://www.integraxor.com/blog/category/security/vulnerability-note/ - Vendor Advisory |
Information
Published : 2014-05-01 01:56
Updated : 2025-09-25 18:15
NVD link : CVE-2014-0786
Mitre link : CVE-2014-0786
CVE.ORG link : CVE-2014-0786
JSON object : View
Products Affected
ecava
- integraxor