CVE-2011-1655

{"id": "CVE-2011-1655", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-18T15:00:43.437", "references": [{"url": "http://secunia.com/advisories/44097", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1025353", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47356", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0977", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727", "source": "cve@mitre.org"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."}, {"lang": "es", "value": "M\u00f3dulo management.asmx en Management Web Service de Unified Network Control Server en CA Total Defense(TD)r12 antes de SE2 env\u00eda una respuesta en texto plano a las solicitudes getDBConfigSettings sin especificar, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener credenciales de base de datos, y, posteriormente, ejecutar c\u00f3digo arbitrario, mediante escuchas en la red, relacionados con el Servicio UNCWS Web."}], "lastModified": "2023-11-07T02:07:04.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD87D20-B6C6-4D48-BEF7-5960AB2060D0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}