CVE-2010-3244 — MEDIUM (4.6)

Q: How severe is CVE-2010-3244?

CVE-2010-3244 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3244?

Check the references section above for vendor advisories and patch information. Affected products include: Blackboard Transact Suite.

Vulnerability Description

BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Blackboard	Transact Suite	<= 3.6.0.1

Related Weaknesses (CWE)

CWE-200

References

http://www.kb.cert.org/vuls/id/204055US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86YPVM
http://www.kb.cert.org/vuls/id/204055US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86YPVM

FAQ

What is CVE-2010-3244?

CVE-2010-3244 is a vulnerability with a CVSS score of 4.6 (MEDIUM). BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml fi...

How severe is CVE-2010-3244?

CVE-2010-3244 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3244?

Check the references section above for vendor advisories and patch information. Affected products include: Blackboard Transact Suite.