Vulnerability Description
The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Websense | Enterpise | 6.3.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32264Vendor Advisory
- http://www.securityfocus.com/bid/31746
- http://www.securitytracker.com/id?1021058
- http://www.vupen.com/english/advisories/2008/2819
- http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure
- http://secunia.com/advisories/32264Vendor Advisory
- http://www.securityfocus.com/bid/31746
- http://www.securitytracker.com/id?1021058
- http://www.vupen.com/english/advisories/2008/2819
- http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure
FAQ
What is CVE-2008-4646?
CVE-2008-4646 is a vulnerability with a CVSS score of 2.1 (LOW). The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the ...
How severe is CVE-2008-4646?
CVE-2008-4646 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4646?
Check the references section above for vendor advisories and patch information. Affected products include: Websense Enterpise.