[email protected]CVE-2001-0128

HistoryMar 12, 2001 - 5:00 a.m.

CVE-2001-0128

2001-03-1205:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

zope

2.2.4

local roles

access restrictions

privilege escalation

cve-2001-0128

6.9 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

CPENameOperatorVersion
zope:zopezopele2.2.4
conectiva:linuxconectiva linuxeq4.2
conectiva:linuxconectiva linuxeq6.0
conectiva:linuxconectiva linuxeq5.1
redhat:linux_powertoolsredhat linux powertoolseq6.1
redhat:linux_powertoolsredhat linux powertoolseq7.0
conectiva:linuxconectiva linuxeq5.0
redhat:linux_powertoolsredhat linux powertoolseq6.2
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq7.2
debian:debian_linuxdebian debian linuxeq2.2

CPE	Name	Operator	Version
zope:zope	zope	le	2.2.4
conectiva:linux	conectiva linux	eq	4.2
conectiva:linux	conectiva linux	eq	6.0
conectiva:linux	conectiva linux	eq	5.1
redhat:linux_powertools	redhat linux powertools	eq	6.1
redhat:linux_powertools	redhat linux powertools	eq	7.0
conectiva:linux	conectiva linux	eq	5.0
redhat:linux_powertools	redhat linux powertools	eq	6.2
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	7.2
debian:debian_linux	debian debian linux	eq	2.2

Rows per page:

1-10 of 151

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365

www.debian.org/security/2000/20001219

www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3

www.osvdb.org/6284

www.redhat.com/support/errata/RHSA-2000-127.html

exchange.xforce.ibmcloud.com/vulnerabilities/5777

6.9 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON

Related for CVE-2001-0128

nessus1