CVE-2020-9337 - Vulnerability Details

Vendors	Products
Golfbuddyglobal	Course Manager

Link	Providers
https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md
https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-26T13:20:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9337", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5", "refsource": "MISC", "url": "https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5"}, {"name": "https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md", "refsource": "MISC", "url": "https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:16.119Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9337", "datePublished": "2020-02-26T13:20:29", "dateReserved": "2020-02-22T00:00:00", "dateUpdated": "2024-08-04T10:26:16.119Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-02-26T13:20:29 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2020-9337 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5 (string)

refsource : MISC (string)

url : https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5 (string)

}

1 : { »

name : https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md (string)

refsource : MISC (string)

url : https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T10:26:16.119Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2020-9337 (string)

datePublished : 2020-02-26T13:20:29 (string)

dateReserved : 2020-02-22T00:00:00 (string)

dateUpdated : 2024-08-04T10:26:16.119Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golfbuddyglobal:course_manager:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE33FE04-0C97-42A1-AC5C-DD04BCF30838", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request."}, {"lang": "es", "value": "En GolfBuddy Course Manager versi\u00f3n 1.1, las contrase\u00f1as son enviadas (con codificaci\u00f3n base64) por medio de una petici\u00f3n GET."}], "id": "CVE-2020-9337", "lastModified": "2024-11-21T05:40:26.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-26T14:15:11.053", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:golfbuddyglobal:course_manager:1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : BE33FE04-0C97-42A1-AC5C-DD04BCF30838 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. (string)

}

1 : { »

lang : es (string)

value : En GolfBuddy Course Manager versión 1.1, las contraseñas son enviadas (con codificación base64) por medio de una petición GET. (string)

}

]

id : CVE-2020-9337 (string)

lastModified : 2024-11-21T05:40:26.237 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-02-26T14:15:11.053 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

1 : { »

lang : en (string)

value : CWE-326 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object