Lucene search
HistoryOct 04, 2002 - 4:00 a.m.
CVE-2002-0664
acls
zmerge
access control lists
administration database
cve-2002-0664
security vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.5%
The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
Affected configurations
Node
granite_softwarezmergeMatch4.0
ORgranite_softwarezmergeMatch5.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| granite_software:zmerge | granite software zmerge | eq | 4.0 |
| granite_software:zmerge | granite software zmerge | eq | 5.0 |
Related
cvelist
cvelist
CVE-2002-0664
2002-09-10 04:00:00
nessus
nessus
IBM Lotus Domino Administration Databases Anonymous Access
2001-03-08 00:00:00
IBM Domino ZMerge Database Security Bypass
2015-10-09 00:00:00
nvd
nvd
CVE-2002-0664
2002-10-04 04:00:00
openvas
openvas
HCL / IBM / Lotus Domino Administration Databases Accessible (HTTP)
2005-11-03 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.5%
Related for CVE-2002-0664