6.8

CVE-2010-1596

Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SitrackerSupport Incident Tracker Version <= 3.50
SitrackerSupport Incident Tracker Version3.22pl1
SitrackerSupport Incident Tracker Version3.24 Updatebeta-2
SitrackerSupport Incident Tracker Version3.30 Updatebeta2
SitrackerSupport Incident Tracker Version3.35 Updatebeta1
SitrackerSupport Incident Tracker Version3.40 Updatebeta1
SitrackerSupport Incident Tracker Version3.45 Updatebeta1
SitrackerSupport Incident Tracker Version3.50 Updatebeta1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.54% 0.716
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://bugs.sitracker.org/view.php?id=1047
http://osvdb.org/61945
http://secunia.com/advisories/38329
Vendor Advisory
http://sitracker.org/forum/viewtopic.php?f=4&t=1416979&p=2292
http://sitracker.org/wiki/ReleaseNotes351
Patch
http://www.securityfocus.com/bid/37949
https://exchange.xforce.ibmcloud.com/vulnerabilities/55871