Lucene search

[email protected]CVE-2012-2455

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-2455

2022-10-0316:15:38

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-2455

advanced productivity software

dte axiom

authentication bypass

remote attack

data security

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON

Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors.

Affected configurations

NVD

Node

advance_productivity_softwaredte_axiomRange≤12.3.2

CPENameOperatorVersion
advance_productivity_software:dte_axiomadvance productivity software dte axiomle12.3.2

CPE	Name	Operator	Version
advance_productivity_software:dte_axiom	advance productivity software dte axiom	le	12.3.2

References

seclists.org/fulldisclosure/2012/Sep/62

secunia.com/advisories/50508

www.osvdb.org/85499

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2012-2455

prion1 cvelist1 nvd1