Lucene search

[email protected]CVE-2005-3316

HistoryOct 27, 2005 - 10:02 a.m.

CVE-2005-3316

2005-10-2710:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

symantec

discovery

installation

vulnerability

null passwords

security

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.5%

JSON

The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.

CPENameOperatorVersion
symantec:discoverysymantec discoveryeq6.0
symantec:on_command_discoverysymantec on command discoveryeqstandard_4.5
symantec:on_command_discoverysymantec on command discoveryeqweb_4.5

CPE	Name	Operator	Version
symantec:discovery	symantec discovery	eq	6.0
symantec:on_command_discovery	symantec on command discovery	eq	standard_4.5
symantec:on_command_discovery	symantec on command discovery	eq	web_4.5

References

secunia.com/advisories/17302

securityreason.com/securityalert/112

securityresponse.symantec.com/avcenter/security/Content/2005.10.24.html

securitytracker.com/id?1015097

www.securityfocus.com/bid/15188

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for CVE-2005-3316

cvelist1