Lucene search

[email protected]CVE-2012-0279

HistoryMay 01, 2012 - 11:55 p.m.

CVE-2012-0279

2012-05-0123:55:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-0279

quest toad

data analysts

weak permissions

vulnerability

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file.

Affected configurations

NVD

Node

questtoad_for_data_analystsMatch3.0.1

CPENameOperatorVersion
quest:toad_for_data_analystsquest toad for data analystseq3.0.1

CPE	Name	Operator	Version
quest:toad_for_data_analysts	quest toad for data analysts	eq	3.0.1

References

secunia.com/advisories/48663

secunia.com/secunia_research/2012-13/

www.securityfocus.com/bid/53276

exchange.xforce.ibmcloud.com/vulnerabilities/75192

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-0279

prion1 cvelist1 nvd1