CVE-2010-3245

{"id": "CVE-2010-3245", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-07T18:00:02.417", "references": [{"url": "http://www.kb.cert.org/vuls/id/204055", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", "tags": ["US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file."}, {"lang": "es", "value": "La funcionalidad de backup automatizada en Blackboard Transact Suite (formalmente Blackboard Commerce Suite) almacena el (1) nombre de usuario de la base de datos y (2) contrase\u00f1a de la base de datos en texto claro en archivos de (a) secuencia de comandos (script) y (b) proceso por lotes (.bat), lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un archivo."}], "lastModified": "2013-01-04T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackboard:transact_suite:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82AEFAA6-F5EE-416C-92EE-9B7DAEAC723A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}