Lucene search

[email protected]CVE-2001-0372

HistoryJun 18, 2001 - 4:00 a.m.

CVE-2001-0372

2001-06-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

akopia interchange

cve-2001-0372

demo stores

access vulnerability

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.5%

JSON

Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.

CPENameOperatorVersion
akopia:akopia_interchangeakopia akopia interchangeeq4.5.3
akopia:akopia_interchangeakopia akopia interchangele4.6.3

CPE	Name	Operator	Version
akopia:akopia_interchange	akopia akopia interchange	eq	4.5.3
akopia:akopia_interchange	akopia akopia interchange	le	4.6.3

References

archives.neohapsis.com/archives/bugtraq/2001-03/0337.html

lists.akopia.com/pipermail/interchange-announce/2001/000009.html

www.securityfocus.com/bid/2499

exchange.xforce.ibmcloud.com/vulnerabilities/6273

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.5%

JSON