Lucene search

MitreCVE-2003-0497

HistoryAug 07, 2003 - 4:00 a.m.

CVE-2003-0497

2003-08-0704:00:00

CWE-264

mitre

web.nvd.nist.gov

caché database

world-writable permissions

local privilege escalation

cve-2003-0497

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

Percentile

0.4%

JSON

Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.

Affected configurations

Nvd

Node

intersystemscache_databaseMatch5

VendorProductVersionCPE
intersystemscache_database5cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intersystems	cache_database	5	cpe:2.3:a:intersystems:cache_database:5:::::::*

References

www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7

www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-0497