7.5

CVE-2007-4150

EPSS 1.08%
Veröffentlicht 03.08.2007 20:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Visionsoft ≫ Audit Version12.4.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.08%	0.758

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

http://www.securityfocus.com/bid/25153

Third Party Advisory

Broken Link

VDB Entry

http://osvdb.org/46979

Broken Link

http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt

Vendor Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2007-4150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4150

EUVD