CVE-2016-10103

{"id": "CVE-2016-10103", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2017-01-23T07:59:00.250", "references": [{"url": "http://www.securityfocus.com/bid/96850", "source": "cve@mitre.org"}, {"url": "https://rastamouse.me/guff/2016/automize/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}, {"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."}, {"lang": "es", "value": "Puede ocurrir divulgaci\u00f3n de informaci\u00f3n en encryptionProfiles.jsd en Hitek Software's Automize debido a que el atributo Read se establece para Usuarios. Esto permite a un atacante recuperar contrase\u00f1as cifradas para perfiles GPG Encryption. Se verifica en todas las versiones hasta la 10.x incluyendo la 10.25 y todas las versiones hasta la 11.x incluyendo la 11.14."}], "lastModified": "2017-03-16T01:59:00.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A7C2457-43EB-4486-A120-B7D459FC279B"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35EAE4F6-29CE-4D20-8567-2220905A4783"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "722B055A-E157-46AA-9919-0BE7491B15E0"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3913B250-2602-4943-A45E-407118445FBB"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6727427E-834D-42A8-8182-2C5FDFE520C0"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "052CF7DA-98F0-4390-8FAE-5AF5F42708EC"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A83DAF2F-569D-433B-85E1-138AEADF4E0C"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42CC6578-8DFA-4500-AF77-9DC73834C8E8"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC7B1FF-1FB4-423C-BD9D-75DD6B6E66E6"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEAC4542-BC4D-4DEA-8D7B-C750951E825F"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "974AA5EF-9670-4DC6-89A2-DEDA3B3276D8"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA0C77C1-D835-4539-809C-1D6E805D40AD"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9FEEFF2-DB6B-472C-B2B7-C7C1D22DBA4C"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA79A04C-D25D-4D3E-B131-D4249EE0DA4F"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "474F086B-D331-498F-9313-159BC005BB17"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A17B080F-E6A3-4A3D-B600-22466C45C82C"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A464860D-5D5D-4065-A7C6-BBE5DC9139D1"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF9197BC-92AB-4927-8805-494B39A2953A"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B27121A-7B58-4548-935F-57C1FF187EE6"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "073ED514-E2CC-4D18-A9F4-9654E9161727"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D27D639-94D1-4BDE-AD4E-AEB37AFABCE4"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43826AA5-62A0-4452-8EC4-098982867CA1"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDEA6E6A-D111-4320-BF3A-E5B7CC397423"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63FADFB7-14A0-4C13-8853-40EACFBDBD85"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F80CAE4-2A0D-4805-AAC3-0FFD44D39F78"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61137963-5766-4F2E-B4A2-EDA5A4469720"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7682507-9EA1-468D-8D8C-7060F068EA61"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF9EAFEE-3A59-4350-903E-D46AC9185FFE"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD5DD65-A3DB-4F3F-A8CE-DEF6185D5648"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C18571-A34F-4B61-B7FA-3649E31BA513"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F7BE139-0DC5-4008-A974-D1A01E1758EC"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "449AC115-FF3D-4D40-9D8A-8439625D3410"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A099DF-F17F-47A3-A17E-C397445A3430"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E680BB2-8E4B-407E-813E-661D8880DF5C"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A1EF835-E571-4985-96DC-1703BF3F3BFC"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7C74206-9610-4725-8AB9-CEBD6213DD07"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4830A80-D9A8-48CB-B5AE-A36FB0BE7EB3"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3FC908B-E1A7-4ED8-B6D2-A46CE87B96A1"}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90166099-D6E9-4346-9C24-1E2CB3FC2455"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}