Vulnerability Details : CVE-2001-0990
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
Exploit prediction scoring system (EPSS) score for CVE-2001-0990
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-0990
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2001-0990
Products affected by CVE-2001-0990
- cpe:2.3:a:inter7:vpopmail:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.11e:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:3.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:inter7:vpopmail:4.9.10:*:*:*:*:*:*:*