Vulnerabilities > CVE-2002-2301 - Credentials Management vulnerability in Lawson Software Lawson Financials 8.0

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

lawson-software

CWE-255

NVD

Published: 2002-12-31

Updated: 2017-07-29

Summary

Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.

Vulnerable Configurations

Part	Description	Count
Application	Lawson_Software Lawson Software Lawson Financials 8.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://seclists.org/lists/bugtraq/2002/Dec/0012.html
http://www.securityfocus.com/bid/6293
https://exchange.xforce.ibmcloud.com/vulnerabilities/10742