CVE-2010-3244 - Vulnerability Details - OpenCVE

BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackboard	Transact Suite

Configuration 1 [-]

cpe:2.3:a:blackboard:transact_suite:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/204055
http://www.kb.cert.org/vuls/id/MAPG-86YPVM

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-07T17:00:00Z

Updated: 2024-09-16T21:07:41.851Z

Reserved: 2010-09-07T00:00:00Z

Link: CVE-2010-3244

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-09-07T18:00:02.370

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3244

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-09-07T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM"}, {"name": "VU#204055", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/204055"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", "refsource": "MISC", "url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM"}, {"name": "VU#204055", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/204055"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:03:18.572Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM"}, {"name": "VU#204055", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/204055"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3244", "datePublished": "2010-09-07T17:00:00Z", "dateReserved": "2010-09-07T00:00:00Z", "dateUpdated": "2024-09-16T21:07:41.851Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackboard:transact_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A73154B-52C9-49FD-B05F-5CBCEA2D1F97", "versionEndIncluding": "3.6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field."}, {"lang": "es", "value": "BbtsConnection_Edit.exe en Blackboard Transact Suite (formalmente Blackboard Commerce Suite) anterior a v3.6.0.2 delega en nombres de campo cuando determina si es apropiado descifrar un valor de campo en connection.xml, lo que permite a usuarios locales descubrir la contrase\u00f1a de la base de datos a trav\u00e9s de un archivo connection.xml modificado que contiene una contrase\u00f1a cifrada en el campo <Server>"}], "id": "CVE-2010-3244", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-07T18:00:02.370", "references": [{"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/204055"}, {"source": "cve@mitre.org", "url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/204055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}