Lucene search

[email protected]CVE-2002-0736

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0736

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

microsoft

backoffice

authentication

bypass

cve-2002-0736

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

Affected configurations

NVD

Node

microsoftbackofficeMatch4.0

microsoftbackofficeMatch4.5

CPENameOperatorVersion
microsoft:backofficemicrosoft backofficeeq4.0
microsoft:backofficemicrosoft backofficeeq4.5

CPE	Name	Operator	Version
microsoft:backoffice	microsoft backoffice	eq	4.0
microsoft:backoffice	microsoft backoffice	eq	4.5

References

archives.neohapsis.com/archives/bugtraq/2002-04/0208.html

support.microsoft.com/support/kb/articles/q316/8/38.asp

www.iss.net/security_center/static/8862.php

www.securityfocus.com/bid/4528

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2002-0736

cvelist1 nvd1