CVE-2004-2172

moderate-risk

Published 2004-12-31

EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.

Do I need to act?

5.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

23702

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Productcart

Affected Vendors

Netsourcecommerce

References (20)

Broken Link http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html

Broken Link http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html

Broken Link http://secunia.com/advisories/10898

Broken Link http://securitytracker.com/alerts/2004/Feb/1009085.html

Exploit http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Securi...

Broken Link http://www.osvdb.org/3979

Broken Link http://www.s-quadra.com/advisories/Adv-20040216.txt

Broken Link http://www.securityfocus.com/archive/1/354288

Broken Link http://www.securityfocus.com/bid/9669

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/15231