Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Blackboard Transact Suite 'BbtsConnection_Edit.exe'信息泄露
Vulnerability Description
Blackboard Transact Suite (旧名 Blackboard Commerce Suite) 3.6.0.2之前版本中的BbtsConnection_Edit.exe凭借字段名称确定是否恰当的解密了connection.xml字段值,本地用户可以借助修改包含<Server>域加密密码的connection.xml文件查看数据库密码。
CVSS Information
N/A
Vulnerability Type
N/A