CVE-2007-3455

{"id": "CVE-2007-3455", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-27T00:30:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36628", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25778", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24641", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24935", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018320", "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2330", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to \"stored decrypted user logon information.\""}, {"lang": "es", "value": "El archivo cgiChkMasterPwd.exe versiones anteriores a 8.0.0.142 en Trend Micro OfficeScan Corporate Edition versi\u00f3n 8.0, permite a atacantes remotos omitir el requisito de contrase\u00f1a y conseguir acceso a la Consola de Administraci\u00f3n por medio de un hash vac\u00edo y una cadena de contrase\u00f1a cifrada vac\u00eda, relacionada con la \"stored decrypted user logon information\"."}], "lastModified": "2017-07-29T01:32:17.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22F51496-74DC-4D60-9ADF-442DAC84891E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}