Lucene search

[email protected]CVE-2007-0629

HistoryJan 31, 2007 - 6:28 p.m.

CVE-2007-0629

2007-01-3118:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0629

plain black webgui

asset deletion

unauthorized access

nvd

6.7 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON

The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
plain_black:webguiplain black webguieq7.3.8

CPE	Name	Operator	Version
plain_black:webgui	plain black webgui	eq	7.3.8

References

osvdb.org/32992

secunia.com/advisories/23981

sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584

www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions

www.securityfocus.com/bid/22294

exchange.xforce.ibmcloud.com/vulnerabilities/31905

6.7 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for CVE-2007-0629

prion1 securityvulns1