CVE-2012-4947

Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/427547	US Government Resource
http://www.securityfocus.com/bid/56427
https://exchange.xforce.ibmcloud.com/vulnerabilities/79858
http://www.kb.cert.org/vuls/id/427547	US Government Resource
http://www.securityfocus.com/bid/56427
https://exchange.xforce.ibmcloud.com/vulnerabilities/79858

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:agilefleet:fleetcommander::::::::
	cpe:2.3:a:agilefleet:fleetcommander_kiosk::::::::

History

No history.

Information

Published : 2012-11-18 21:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-4947

Mitre link : CVE-2012-4947

CVE.ORG link : CVE-2012-4947

JSON object : View

Products Affected

agilefleet

fleetcommander_kiosk
fleetcommander

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2012-4947", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-18T21:55:01.167", "references": [{"url": "http://www.kb.cert.org/vuls/id/427547", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/56427", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79858", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/427547", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/56427", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79858", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages."}, {"lang": "es", "value": "Agile FleetCommander y FleetCommander Kiosk antes de v4.08 almacena credenciales de la base de datos en texto plano, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de peticiones a p\u00e1ginas no especificadas."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:agilefleet:fleetcommander:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC0EB44-CDFB-48E4-B99A-EEB5C81912CC", "versionEndIncluding": "4.0"}, {"criteria": "cpe:2.3:a:agilefleet:fleetcommander_kiosk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90E2FAC-A08B-49B0-85F9-9766857F0B6E", "versionEndIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}