2.1

CVE-2007-4656

EPSS 0.07%
Veröffentlicht 04.09.2007 22:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Backup Manager ≫ Backup Manager Version <= 0.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.178

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392

http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173

http://osvdb.org/37444

http://secunia.com/advisories/26657

Patch

Vendor Advisory

http://secunia.com/advisories/29377

http://www.debian.org/security/2008/dsa-1518

http://www.securityfocus.com/bid/25503

http://www.securitytracker.com/id?1018639

http://www2.backup-manager.org/Release063

Patch

https://nvd.nist.gov/vuln/detail/CVE-2007-4656

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4656

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4656

EUVD