Lucene search

[email protected]CVE-2003-1169

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2003-1169

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2003-1169

datev

nutzungskontrolle

insecure write permissions

registry keys

nukoinfo

access restrictions

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.

Affected configurations

NVD

Node

datevnutzungskontrolleMatch2.1

datevnutzungskontrolleMatch2.2

CPENameOperatorVersion
datev:nutzungskontrolledatev nutzungskontrolleeq2.1
datev:nutzungskontrolledatev nutzungskontrolleeq2.2

CPE	Name	Operator	Version
datev:nutzungskontrolle	datev nutzungskontrolle	eq	2.1
datev:nutzungskontrolle	datev nutzungskontrolle	eq	2.2

References

lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.html

www.securityfocus.com/bid/8950

exchange.xforce.ibmcloud.com/vulnerabilities/13589

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-1169

nvd1 cvelist1