Medium severity6.5NVD Advisory· Published May 14, 2020· Updated Jun 17, 2026
CVE-2019-13021
CVE-2019-13021
Description
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Bond/JetSelectdescription
Patches
Vulnerability mechanics
References
1- labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.