Lucene search

[email protected]CVE-2002-0878

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-0878

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0878

logisense

sql injection

authentication bypass

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.2%

JSON

SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field.

CPENameOperatorVersion
logisense:dns_manager_systemlogisense dns manager systemeq*
logisense:hawk-ilogisense hawk-ieqasp
logisense:hawk-ilogisense hawk-ieq5.2

CPE	Name	Operator	Version
logisense:dns_manager_system	logisense dns manager system	eq	*
logisense:hawk-i	logisense hawk-i	eq	asp
logisense:hawk-i	logisense hawk-i	eq	5.2

References

archives.neohapsis.com/archives/bugtraq/2002-06/0010.html

www.iss.net/security_center/static/9268.php

www.securityfocus.com/bid/4931

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2002-0878

cvelist1