Lucene search

[email protected]CVE-2004-2357

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2357

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mysql

proofpoint protection server

authentication bypass

remote attackers

cve-2004-2357

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

79.0%

JSON

The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.

CPENameOperatorVersion
proofpoint:proofpoint_protection_serverproofpoint proofpoint protection servereq*

CPE	Name	Operator	Version
proofpoint:proofpoint_protection_server	proofpoint proofpoint protection server	eq	*

References

marc.info/?l=full-disclosure&m=107745676915297&w=2

marc.info/?l=full-disclosure&m=107752568009182&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/15280

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2004-2357

openvas1