CVE-2015-0519

Published: Feb 14, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.

Affected (2)

Products: Emc: Captiva Capture

1 product

Captiva Capture

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emc Captiva Capture	Version 7.0
Emc Captiva Capture	Version 7.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://archives.neohapsis.com/archives/bugtraq/2015-02/0043.html

Source: security_alert@emc.com

Broken Link

http://packetstormsecurity.com/files/130284/EMC-Captiva-Capture-Sensitive-Information-Disclosure.html

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/100748

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2015-02/0043.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://packetstormsecurity.com/files/130284/EMC-Captiva-Capture-Sensitive-Information-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/100748

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.