Lucene search

[email protected]CVE-2007-1923

HistoryApr 10, 2007 - 11:19 p.m.

CVE-2007-1923

2007-04-1023:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

vulnerability

ledgersmb

dws systems

sql-ledger

access control

remote attackers

nvd

cwe-264

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

CPENameOperatorVersion
ledgersmb:ledgersmbledgersmblt1.3.0
sql-ledger:sql-ledgersql-ledgereq-

CPE	Name	Operator	Version
ledgersmb:ledgersmb	ledgersmb	lt	1.3.0
sql-ledger:sql-ledger	sql-ledger	eq	-

References

osvdb.org/38217

osvdb.org/38218

securityreason.com/securityalert/2552

www.securityfocus.com/archive/1/464880/100/0/threaded

www.securityfocus.com/bid/23352

exchange.xforce.ibmcloud.com/vulnerabilities/33494

github.com/ledgersmb/LedgerSMB/blob/master/Changelog

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for CVE-2007-1923

prion1 ubuntucve1 cvelist1 debiancve1 securityvulns1