7.5

CVE-2004-2172

Exploit
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetsourcecommerceProductcart Version < 2.53
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.77% 0.931
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html
Patch
Vendor Advisory
Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html
Vendor Advisory
Broken Link
http://secunia.com/advisories/10898
Broken Link
http://securitytracker.com/alerts/2004/Feb/1009085.html
Third Party Advisory
Broken Link
VDB Entry
http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt
Third Party Advisory
Exploit
http://www.osvdb.org/3979
Broken Link
http://www.s-quadra.com/advisories/Adv-20040216.txt
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/archive/1/354288
Third Party Advisory
Vendor Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/9669
Patch
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15231
Third Party Advisory
VDB Entry