CVE-2024-1346

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree	Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:laborofficefree:laborofficefree:19.10:*:*:*:*:*:*:*

History

24 Mar 2025, 17:11

Type	Values Removed	Values Added
First Time		Laborofficefree laborofficefree Laborofficefree
CPE		cpe:2.3:a:laborofficefree:laborofficefree:19.10:::::::*
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree - Third Party Advisory

Information

Published : 2024-02-19 12:15

Updated : 2025-03-24 17:11

NVD link : CVE-2024-1346

Mitre link : CVE-2024-1346

CVE.ORG link : CVE-2024-1346

JSON object : View

Products Affected

laborofficefree

laborofficefree

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2024-1346", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-19T12:15:45.000", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants."}, {"lang": "es", "value": "La contrase\u00f1a ra\u00edz d\u00e9bil de la base de datos MySQL en LaborOfficeFree afecta la versi\u00f3n 19.10. Esta vulnerabilidad permite a un atacante calcular la contrase\u00f1a ra\u00edz de la base de datos MySQL utilizada por LaborOfficeFree utilizando dos constantes."}], "lastModified": "2025-03-24T17:11:55.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:laborofficefree:laborofficefree:19.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D56A6B-14E7-416D-8818-6EB4E3F26F57"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}