Lucene search

[email protected]CVE-2003-0399

HistoryJul 02, 2003 - 4:00 a.m.

CVE-2003-0399

2003-07-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0399

vignette storyserver

vignette v/5

unauthorized access

security vulnerability

nvd

7.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.

CPENameOperatorVersion
vignette:storyservervignette storyservereq4.0
vignette:vignettevignetteeq5.0
vignette:storyservervignette storyservereq5.0
vignette:content_suitevignette content suiteeq6.0
vignette:content_suitevignette content suiteeq7.0
vignette:storyservervignette storyservereq4.1

CPE	Name	Operator	Version
vignette:storyserver	vignette storyserver	eq	4.0
vignette:vignette	vignette	eq	5.0
vignette:storyserver	vignette storyserver	eq	5.0
vignette:content_suite	vignette content suite	eq	6.0
vignette:content_suite	vignette content suite	eq	7.0
vignette:storyserver	vignette storyserver	eq	4.1

References

marc.info/?l=bugtraq&m=105405874325673&w=2

www.iss.net/security_center/static/12076.php

www.s21sec.com/es/avisos/s21sec-017-en.txt

www.securityfocus.com/bid/7683

7.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for CVE-2003-0399

nessus1