CVE-2004-1228 — MEDIUM (6.4)

Q: How severe is CVE-2004-1228?

CVE-2004-1228 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-1228?

Check the references section above for vendor advisories and patch information. Affected products include: Sugarcrm Sugar Sales.

Vulnerability Description

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:P

Confidentiality

PARTIAL

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Sugarcrm	Sugar Sales	<= 2.0.1c

References

FAQ

What is CVE-2004-1228?

CVE-2004-1228 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation ...

How severe is CVE-2004-1228?

CVE-2004-1228 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-1228?

Check the references section above for vendor advisories and patch information. Affected products include: Sugarcrm Sugar Sales.