Lucene search

[email protected]CVE-2002-0486

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0486

2002-08-1204:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0486

intellisol xpede 4.1

weak encryption

cookie authentication

privilege escalation

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.

Affected configurations

NVD

Node

workforceroixpedeMatch4.1

workforceroixpedeMatch7.0

CPENameOperatorVersion
workforceroi:xpedeworkforceroi xpedeeq4.1
workforceroi:xpedeworkforceroi xpedeeq7.0

CPE	Name	Operator	Version
workforceroi:xpede	workforceroi xpede	eq	4.1
workforceroi:xpede	workforceroi xpede	eq	7.0

References

www.securityfocus.com/archive/1/263485

www.securityfocus.com/bid/4344

exchange.xforce.ibmcloud.com/vulnerabilities/8614

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2002-0486

cvelist1 nvd1