CVE-2005-2845 - OpenCVE

Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ariba	Ariba Spend Management Solutions

Configuration 1 [-]

cpe:2.3:a:ariba:ariba_spend_management_solutions:*:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=112552683829473&w=2
http://marc.info/?l=bugtraq&m=112559982413287&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/22116

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-09-08T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-09-08T00:00:00

Link: CVE-2005-2845

JSON object: View

NVD Information

Status : Modified

Published: 2005-09-08T10:03:00.000

Modified: 2017-07-11T01:33:00.987

Link: CVE-2005-2845

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050901 Re: Ariba password exposure vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112559982413287&w=2"}, {"name": "20050831 Ariba password exposure vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112552683829473&w=2"}, {"name": "ariba-url-plaintext-password(22116)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22116"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2845", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050901 Re: Ariba password exposure vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112559982413287&w=2"}, {"name": "20050831 Ariba password exposure vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112552683829473&w=2"}, {"name": "ariba-url-plaintext-password(22116)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22116"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2845", "datePublished": "2005-09-08T04:00:00", "dateReserved": "2005-09-08T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}