CVE-2019-3947

Published: Jun 12, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.

Affected (1)

Products: Fujielectric: V Server

Fujielectric

1 product

V Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fujielectric V Server	Before 6.0.33.0

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

http://www.securityfocus.com/bid/108740

Source: vulnreport@tenable.com

https://www.tenable.com/security/research/tra-2019-27

Source: vulnreport@tenable.com

ExploitThird Party Advisory

http://www.securityfocus.com/bid/108740

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.tenable.com/security/research/tra-2019-27

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.