CVE-2012-4946

{"id": "CVE-2012-4946", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-18T21:55:01.117", "references": [{"url": "http://www.kb.cert.org/vuls/id/427547", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/56427", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79857", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a key file and the encrypted strings."}, {"lang": "es", "value": "Agile FleetCommander y Kiosk FleetCommander antes v4.08 utiliza un algoritmo XOR para el cifrado de las contrase\u00f1as, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes, dependiendo del contexto, obtener informaci\u00f3n sensible mediante la lectura de un archivo de claves y las cadenas cifradas."}], "lastModified": "2017-08-29T01:32:26.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:agilefleet:fleetcommander:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC0EB44-CDFB-48E4-B99A-EEB5C81912CC", "versionEndIncluding": "4.0"}, {"criteria": "cpe:2.3:a:agilefleet:fleetcommander_kiosk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90E2FAC-A08B-49B0-85F9-9766857F0B6E", "versionEndIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}