Lucene search

[email protected]CVE-2001-0520

HistoryAug 14, 2001 - 4:00 a.m.

CVE-2001-0520

2001-08-1404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-0520

aladdin esafe gateway

vulnerability

script tags

remote attack

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.

CPENameOperatorVersion
aladdin_knowledge_systems:esafe_gatewayaladdin knowledge systems esafe gatewayeq3.0

CPE	Name	Operator	Version
aladdin_knowledge_systems:esafe_gateway	aladdin knowledge systems esafe gateway	eq	3.0

References

archives.neohapsis.com/archives/bugtraq/2001-05/0284.html

exchange.xforce.ibmcloud.com/vulnerabilities/6580

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON