CVE-2017-9615 — CRITICAL (9.8)

Q: How severe is CVE-2017-9615?

CVE-2017-9615 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-9615?

Check the references section above for vendor advisories and patch information. Affected products include: Cognito Moneyworks.

Vulnerability Description

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cognito	Moneyworks	<= 8.0.3

Related Weaknesses (CWE)

CWE-532 CWE-732

References

http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542Vendor Advisory
https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30Third Party AdvisoryVendor Advisory
http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542Vendor Advisory
https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30Third Party AdvisoryVendor Advisory

FAQ

What is CVE-2017-9615?

CVE-2017-9615 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-reada...

How severe is CVE-2017-9615?

CVE-2017-9615 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-9615?

Check the references section above for vendor advisories and patch information. Affected products include: Cognito Moneyworks.