CVE-2002-0664

The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=103134154721846&w=2
http://www.iss.net/security_center/static/10057.php	Vendor Advisory
http://www.securityfocus.com/bid/5101
http://marc.info/?l=bugtraq&m=103134154721846&w=2
http://www.iss.net/security_center/static/10057.php	Vendor Advisory
http://www.securityfocus.com/bid/5101

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:granite_software:zmerge:4.0:::::::*
	cpe:2.3:a:granite_software:zmerge:5.0:::::::*

History

20 Nov 2024, 23:39

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=103134154721846&w=2 -~~	() http://marc.info/?l=bugtraq&m=103134154721846&w=2 -
References	~~() http://www.iss.net/security_center/static/10057.php - Vendor Advisory~~	() http://www.iss.net/security_center/static/10057.php - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/5101 -~~	() http://www.securityfocus.com/bid/5101 -

Information

Published : 2002-10-04 04:00

Updated : 2024-11-20 23:39

NVD link : CVE-2002-0664

Mitre link : CVE-2002-0664

CVE.ORG link : CVE-2002-0664

JSON object : View

Products Affected

granite_software

zmerge

CWE

NVD-CWE-Other

{"id": "CVE-2002-0664", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-10-04T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=103134154721846&w=2", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10057.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5101", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=103134154721846&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/10057.php", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/5101", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts."}, {"lang": "es", "value": "Las listas de control de acceso (ACLs) de la base de datos de administraci\u00f3n en ZMerge 4.x y 5.x provee a usuarios arbitrarios (incluyendo usuarios an\u00f3nimos) con nivel de acceso de Manager, lo que permite a los usuarios leer o modificar guiones (scripts) para importar y exportar."}], "lastModified": "2024-11-20T23:39:35.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:granite_software:zmerge:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D207BA8E-6A2D-4088-AB60-7CC4EE3AD885"}, {"criteria": "cpe:2.3:a:granite_software:zmerge:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74C281C6-A491-47FF-A52E-FAB6E7AA626E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}