Vulnerabilities > CVE-2006-2539 - Unspecified vulnerability in Sybase Easerver 5.0/5.2/5.3

047910
CVSS 3.5 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
high complexity
sybase

Summary

Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.

Vulnerable Configurations

Part Description Count
Application
Sybase
3