CVE-2012-2603 : The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensit

The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.

Published 2012-06-08 16:55:01

Updated 2012-06-28 04:00:00

Source CERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-2603

Probability of exploitation activity in the next 30 days: 0.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-2603

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-2603

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2603

http://www.kb.cert.org/vuls/id/MAPG-8RJPJX

VU#442595 - ScrumWorks Pro privilege escalation vulnerability
US Government Resource
http://www.kb.cert.org/vuls/id/442595

VU#442595 - ScrumWorks Pro privilege escalation vulnerability
US Government Resource

Products affected by CVE-2012-2603

Collabnet » Scrumworks » Update 5.1 PRO Edition
cpe:2.3:a:collabnet:scrumworks:*:5.1:pro:*:*:*:*:*
Matching versions
Collabnet » Scrumworks » Update 5.0 PRO Edition
cpe:2.3:a:collabnet:scrumworks:*:5.0:pro:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-2603

Exploit prediction scoring system (EPSS) score for CVE-2012-2603

CVSS scores for CVE-2012-2603

CWE ids for CVE-2012-2603

References for CVE-2012-2603

Products affected by CVE-2012-2603