CVE-2017-9615
CRITICALCognito Software Moneyworks <8.0.3 - Info Disclosure
Title source: llmDescription
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542
Third Party Advisory, Vendor Advisory x_refsource_misc
https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30
Scores
CVSS v3
9.8
EPSS
0.0028
EPSS Percentile
51.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
CWE-732
Status
published
Products (1)
cognito/moneyworks
< 8.0.3
Published
Jun 26, 2017
Tracked Since
Feb 18, 2026