{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:43:39.990","vulnerabilities":[{"cve":{"id":"CVE-2016-6545","sourceIdentifier":"cret@cert.org","published":"2018-07-13T20:29:00.377","lastModified":"2024-11-21T02:56:19.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password."},{"lang":"es","value":"No se emplean cookies de sesión para mantener sesiones válidas en iTrack Easy. La contraseña del usuario se pasa como parámetro POST mediante HTTPS empleando un campo passwd cifrado por base64 en todas las peticiones. En esta implementación, las sesiones solo pueden terminarse cuando el usuario cambia la contraseña asociada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ieasytec:itrackeasy:-:*:*:*:*:*:*:*","matchCriteriaId":"F701E41D-CE74-4EC6-BEDF-0D76D9A8E949"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93875","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/","source":"cret@cert.org","tags":["Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/974055","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93875","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/974055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}