Lucene search

[email protected]CVE-2007-3700

HistoryJul 11, 2007 - 11:30 p.m.

CVE-2007-3700

2007-07-1123:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sun java

access manager

vulnerability

cve-2007-3700

nvd

6.4 Medium

AI Score

Confidence

Low

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

CPENameOperatorVersion
sun:java_system_access_managersun java system access managereq*

CPE	Name	Operator	Version
sun:java_system_access_manager	sun java system access manager	eq	*

References

osvdb.org/37249

secunia.com/advisories/26030

sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1

www.securityfocus.com/bid/24859

www.securitytracker.com/id?1018370

www.vupen.com/english/advisories/2007/2496

exchange.xforce.ibmcloud.com/vulnerabilities/35339

6.4 Medium

AI Score

Confidence

Low

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVE-2007-3700

prion1 cvelist1 nessus8