Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2002-1138
HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1138

2004-09-0104:00:00
[email protected]
web.nvd.nist.gov
26
microsoft sql server
privilege escalation
vulnerability
cve-2002-1138
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.6%

JSON

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka “Flaw in Output File Handling for Scheduled Jobs.”

Affected configurations

NVD
Node
microsoftdata_engineMatch1.0
OR
microsoftdata_engineMatch2000
OR
microsoftsql_serverMatch7.0
OR
microsoftsql_serverMatch7.0sp1
OR
microsoftsql_serverMatch7.0sp2
OR
microsoftsql_serverMatch7.0sp3
OR
microsoftsql_serverMatch7.0sp4
OR
microsoftsql_serverMatch2000
OR
microsoftsql_serverMatch2000sp1
OR
microsoftsql_serverMatch2000sp2

Related

cvelist 1
nvd 1
nessus 1
cvelist
cvelist
CVE-2002-1138
2004-09-01 04:00:00
nvd
nvd
CVE-2002-1138
2002-10-11 04:00:00
nessus
nessus
MS02-061: Microsoft SQL Server Multiple Vulnerabilities (uncredentialed check)
2003-01-25 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.6%

JSON
Related for CVE-2002-1138
cvelist1nvd1nessus1