CVE-2002-0487
CVE-2002-0487 is a medium-severity vulnerability in Workforceroi Xpede with a CVSS 2.0 base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.6)
- EPSS exploit prediction: 0% (35th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Workforceroi Xpede
- Published:
- Last modified:
Description
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
Frequently asked questions
- What is CVE-2002-0487?
- Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
- How severe is CVE-2002-0487?
- CVE-2002-0487 has a CVSS 2.0 base score of 4.6, rated medium severity.
- Is CVE-2002-0487 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (35th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2002-0487?
- CVE-2002-0487 primarily affects Workforceroi Xpede. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2002-0487?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2002-0487 published?
- CVE-2002-0487 was published on 2002-08-12 and last updated on 2026-06-16.
References
- http://www.iss.net/security_center/static/8612.php
- http://www.securityfocus.com/archive/1/263485
- http://www.securityfocus.com/bid/4346
Affected products (2)
- cpe:2.3:a:workforceroi:xpede:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:workforceroi:xpede:7.0:*:*:*:*:*:*:*
More vulnerabilities in Workforceroi Xpede
- CVE-2002-0581 — High (CVSS 7.5): WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials…
- CVE-2002-0580 — High (CVSS 7.5): WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which…
- CVE-2002-0579 — High (CVSS 7.5): WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request…
- CVE-2002-0486 — High (CVSS 7.2): Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users…
- CVE-2002-0582 — Medium (CVSS 5.0): WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp…
- CVE-2002-0584 — Medium (CVSS 5.0): WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the…