CreateBossCredentials.jar in Toshiba CHEC prior to 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows malicious users to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
toshiba chec |
||
toshiba chec 6.7 |