CVE-2014-5400 - Information Leak / Disclosure vulnerability in Hospira Mednet 5.8

Summary

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.

Classification

CWE-200 - Information Leak / Disclosure

Risk level (CVSS 2.1)

Low

2.1

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products