Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2718 | 1 Jiwa | 1 Financials | 2024-02-04 | 6.5 MEDIUM | N/A |
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. | |||||
CVE-2006-2719 | 1 Jiwa | 1 Financials | 2024-02-04 | 4.9 MEDIUM | N/A |
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords. |