Vulnerability Note VU#669156
Topline Systems Opportunity Form vulnerable to information disclosure
Topline Systems Opportunity Form contains an information disclosure vulnerability.
CWE-200: Information Exposure
Topline Systems Opportunity Form is a macro-enabled Excel spreadsheet that contains connection strings to a public-facing database. By running procedures included in the spreadsheet, user names, email addresses, and passwords are exposed in plain text.
A remote, authenticated attacker may gain access to user credentials and account data.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Topline Systems||Affected||16 Dec 2014||05 Feb 2015|
CVSS Metrics (Learn More)
This document was written by Joel Land.
- CVE IDs: Unknown
- Date Public: 05 Feb 2015
- Date First Published: 05 Feb 2015
- Date Last Updated: 06 Feb 2015
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.