Lucene search

[email protected]CVE-2001-1448

HistoryDec 17, 2001 - 5:00 a.m.

CVE-2001-1448

2001-12-1705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1448

magic edeveloper

enterprise edition

local users

overwrite files

execute code

symlink attack

temporary files

mkuserproc

mgrnt

mgdatasrvr.sc

nvd.

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.0%

JSON

Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.

CPENameOperatorVersion
magic:edevelopermagic edeveloperle8.30.5

CPE	Name	Operator	Version
magic:edeveloper	magic edeveloper	le	8.30.5

References

www.kb.cert.org/vuls/id/157795

www.securityfocus.com/archive/1/246343

exchange.xforce.ibmcloud.com/vulnerabilities/10616

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.0%

JSON