Lucene search

[email protected]NVD:CVE-2005-2554

HistoryAug 12, 2005 - 4:00 a.m.

CVE-2005-2554

2005-08-1204:00:00

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the “Common Framework\Db” folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.

Affected configurations

NVD

Node

network_associatesepolicy_orchestrator_agentMatch3.5.0_\(patch_3\)

References

knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml

lists.virus.org/full-disclosure-0508/msg00376.html

reedarvin.thearvins.com/20050811-01.html

secunia.com/advisories/16410

www.osvdb.org/18735

www.securityfocus.com/bid/14549

www.vupen.com/english/advisories/2005/1402

exchange.xforce.ibmcloud.com/vulnerabilities/21839

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2005-2554

cvelist1 cve1 nessus1