CVE-2008-5107

{"id": "CVE-2008-5107", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-17T18:18:48.110", "references": [{"url": "http://support.citrix.com/article/CTX116228", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28047", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0705/references", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX116228", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28047", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0705/references", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files."}, {"lang": "es", "value": "El proceso de instalaci\u00f3n para Citrix Presentation Server 4.5 y Desktop Server 1.0, cuando MSI logging est\u00e1 habilitado, almacena las credenciales de la base de datos en archivos de log MSI, lo que permite a usuarios locales obtener estas credenciales leyendo los archivos de log."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08AEEC3F-E8DD-4535-98D2-4CFD83439A69"}, {"criteria": "cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD859173-2ACD-4C60-8EF4-5B0434EA8244"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}