Published: 23/12/2020 Updated: 02/09/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5.

Vulnerable Product	Search on Vulmon	Subscribe to Product
urve urve 24.03.2020

URVE Software build version 24032020 suffers from an information disclosure vulnerability that leaks passwords ...

CWE-312 https://urve.co.uk/system-rezerwacji-sal https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-042.txt http://seclists.org/fulldisclosure/2020/Dec/49 http://packetstormsecurity.com/files/160726/URVE-Software-Build-24.03.2020-Information-Disclosure.html https://nvd.nist.gov https://packetstormsecurity.com/files/160726/URVE-Software-Build-24.03.2020-Information-Disclosure.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-29550

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect