Lucene search

[email protected]CVE-2007-3200

HistoryJun 12, 2007 - 11:30 p.m.

CVE-2007-3200

2007-06-1223:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3200

novell

nmas

netware

security vulnerability

admin credentials

local users

information disclosure

6.5 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0005 Low

EPSS

Percentile

15.8%

JSON

NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.

Affected configurations

NVD

Node

novellmodular_authentication_serviceRange≤3.1.2

CPENameOperatorVersion
novell:modular_authentication_servicenovell modular authentication servicele3.1.2

CPE	Name	Operator	Version
novell:modular_authentication_service	novell modular authentication service	le	3.1.2

References

osvdb.org/35943

secunia.com/advisories/25592

securitytracker.com/id?1018215

www.securityfocus.com/bid/24405

www.vupen.com/english/advisories/2007/2118

exchange.xforce.ibmcloud.com/vulnerabilities/34806

secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html

6.5 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0005 Low

EPSS

Percentile

15.8%

JSON

Related for CVE-2007-3200

nvd1 cvelist1 prion1