Vulnerability Description
AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ajaxplorer | Ajaxplorer | 3.2 |
Related Weaknesses (CWE)
References
- http://ajaxplorer.info/ajaxplorer-4-0-4/PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/504019US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74305
- http://ajaxplorer.info/ajaxplorer-4-0-4/PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/504019US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74305
FAQ
What is CVE-2012-1840?
CVE-2012-1840 is a vulnerability with a CVSS score of 7.5 (HIGH). AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.
How severe is CVE-2012-1840?
CVE-2012-1840 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1840?
Check the references section above for vendor advisories and patch information. Affected products include: Ajaxplorer Ajaxplorer.