Lucene search

[email protected]CVE-2007-0116

HistoryJan 09, 2007 - 2:28 a.m.

CVE-2007-0116

2007-01-0902:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0116

digger solutions

intranet

open source

ios

vulnerability

access control

remote attackers

database

passwords

nvd

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.

CPENameOperatorVersion
digger_solutions:intranet_open_sourcedigger solutions intranet open sourceeq*

CPE	Name	Operator	Version
digger_solutions:intranet_open_source	digger solutions intranet open source	eq	*

References

aria-security.com/forum/showthread.php?goto=newpost&t=88

osvdb.org/33379

securityreason.com/securityalert/2109

www.securityfocus.com/archive/1/456047/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/31308

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2007-0116

prion1 securityvulns1