Vulnerability Details : CVE-2016-10101
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.
Vulnerability category: Information leak
Products affected by CVE-2016-10101
- cpe:2.3:a:hiteksoftware:automize:11.15:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*
- cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10101
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10101
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
|
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2016-10101
-
Assigned by: nvd@nist.gov (Primary)
-
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10101
-
https://rastamouse.me/guff/2016/automize/
404 Page not foundThird Party Advisory
-
http://www.securityfocus.com/bid/96840
Hitek Software Automize CVE-2016-10101 Information Disclosure Vulnerability
Jump to