Lucene search

[email protected]CVE-2002-0094

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0094

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

bscw

cve-2002-0094

remote command execution

software vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

JSON

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

Affected configurations

NVD

Node

fraunhofer_fitbscwMatch3.4

fraunhofer_fitbscwMatch4.0

CPENameOperatorVersion
fraunhofer_fit:bscwfraunhofer fit bscweq3.4
fraunhofer_fit:bscwfraunhofer fit bscweq4.0

CPE	Name	Operator	Version
fraunhofer_fit:bscw	fraunhofer fit bscw	eq	3.4
fraunhofer_fit:bscw	fraunhofer fit bscw	eq	4.0

References

bscw.gmd.de/WhatsNew.html

www.iss.net/security_center/static/7774.php

www.securityfocus.com/archive/1/248000

www.securityfocus.com/bid/3776

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

JSON

Related for CVE-2002-0094

cvelist1 nvd1