Lucene search

MitreCVE-2007-2849

HistoryMay 24, 2007 - 6:30 p.m.

CVE-2007-2849

2007-05-2418:30:00

mitre

web.nvd.nist.gov

knowledgetree

document management

cve-2007-2849

security vulnerability

active directory

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.018

Percentile

88.4%

JSON

KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.

Affected configurations

Nvd

Node

knowledgetree_document_managementknowledgetree_document_managementMatch3.3.3

VendorProductVersionCPE
knowledgetree_document_managementknowledgetree_document_management3.3.3cpe:2.3:a:knowledgetree_document_management:knowledgetree_document_management:3.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
knowledgetree_document_management	knowledgetree_document_management	3.3.3	cpe:2.3:a:knowledgetree_document_management:knowledgetree_document_management:3.3.3:::::::*

References

osvdb.org/36578

secunia.com/advisories/25360

sourceforge.net/forum/forum.php?forum_id=698243

sourceforge.net/project/shownotes.php?release_id=510338

www.securityfocus.com/bid/24110

www.vupen.com/english/advisories/2007/1920

exchange.xforce.ibmcloud.com/vulnerabilities/34463

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.018

Percentile

88.4%

JSON

Related for CVE-2007-2849