Lucene search

[email protected]CVE-2007-3455

HistoryJun 27, 2007 - 12:30 a.m.

CVE-2007-3455

2007-06-2700:30:00

CWE-264

[email protected]

web.nvd.nist.gov

trend micro

officescan

corporate edition

password bypass

vulnerability

cve-2007-3455

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.081 Low

EPSS

Percentile

94.3%

JSON

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to “stored decrypted user logon information.”

Affected configurations

NVD

Node

trend_microofficescanMatch8.0corporate

CPENameOperatorVersion
trend_micro:officescantrend micro officescaneq8.0

CPE	Name	Operator	Version
trend_micro:officescan	trend micro officescan	eq	8.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=558

osvdb.org/36628

secunia.com/advisories/25778

www.securityfocus.com/bid/24641

www.securityfocus.com/bid/24935

www.securitytracker.com/id?1018320

www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt

www.vupen.com/english/advisories/2007/2330

exchange.xforce.ibmcloud.com/vulnerabilities/35052

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.081 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2007-3455

prion1 cvelist1 securityvulns2 nvd1 nessus1