CVE-2007-4656

{"id": "CVE-2007-4656", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-04T22:17:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392", "source": "cve@mitre.org"}, {"url": "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37444", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26657", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29377", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1518", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25503", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018639", "source": "cve@mitre.org"}, {"url": "http://www2.backup-manager.org/Release063", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-255"}, {"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766."}, {"lang": "es", "value": "backup-manager-upload de Backup Manager versiones anteriores a 0.6.3 proporciona el nombre de m\u00e1quina, nombre del usuario y contrase\u00f1a del servidor FTP, como argumentos de l\u00ednea de comandos en texto plano durante la promoci\u00f3n FTP, lo cual permite a usuarios locales obtener informaci\u00f3n confidencial al listar el proceso y sus argumentos, vulnerabilidad distinta de CVE-2007-2766."}], "lastModified": "2013-08-28T05:37:54.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:backup_manager:backup_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6949B83-7F51-4271-8394-AE8134D514DA", "versionEndIncluding": "0.6.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}