Lucene search

[email protected]CVE-2006-4502

HistoryAug 31, 2006 - 10:04 p.m.

CVE-2006-4502

2006-08-3122:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ezportal

ztml

cms

1.0

authentication bypass

administration area

nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the “Administration Area” script.

CPENameOperatorVersion
ztml:ezportal_ztml_cmsztml ezportal ztml cmseq1.0

CPE	Name	Operator	Version
ztml:ezportal_ztml_cms	ztml ezportal ztml cms	eq	1.0

References

securityreason.com/securityalert/1481

www.securityfocus.com/archive/1/444743/100/0/threaded

www.securityfocus.com/bid/19759

exchange.xforce.ibmcloud.com/vulnerabilities/28668

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON