Local Information Disclosure Vulnerability in Sybase Database Plug-in by SpringSource
CVE-2009-2899

Currently unrated

Key Information:

Vendor: Vmware
Status: Hyperic Hq
Vendor: CVE Published:; 5 December 2012

Summary

The monitor Perl script within the Sybase database plug-in for SpringSource Hyperic HQ prior to version 4.3 is susceptible to a local information disclosure vulnerability. This flaw enables local users to retrieve sensitive database credentials by listing the running process and its arguments, potentially exposing critical security information that could be exploited in subsequent attacks.

References

https://jira.hyperic.com/browse/HHQ-1031

x_refsource_MISC

http://communities.vmware.com/thread/348773

x_refsource_MISC

http://support.springsource.com/security/CVE-2009-2899

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 5, 2012