CVE-1999-0372

The CVE concerns the BackOffice Server installer leaking credentials: account names and passwords are written to a setup file (reboot.ini) and not deleted after installation. This exposes partial confidentiality risk on local execution, per the CVSS metrics (Low base score, Local attack vector, n...

CVE-2002-0736

Microsoft BackOffice 4.0/4.5, when configured for remote access, is vulnerable to authentication bypass via an HTTP request using a non-blank auth_type, allowing remote attackers to access administrative ASP pages. The provided documents describe the vulnerability and impact but do not include a ...