CVE-2006-6617 — Microsoft Project Server vulnerability

3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

32.5%

top 3.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Project Server

Timeline

PublishedDec 18

Latest updateMay 1

Description

projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/project_server2003

🔴Vulnerability Details

GHSA

GHSA-vprv-694j-g4mw: projectserver/logon/pdsrequest↗2022-05-01

▶

CVEList

CVE-2006-6617: projectserver/logon/pdsrequest↗2006-12-18

▶