Lucene search
HistoryOct 04, 2002 - 4:00 a.m.
CVE-2002-0664
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.015
Percentile
87.1%
The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
Affected configurations
Node
granite_softwarezmergeMatch4.0
ORgranite_softwarezmergeMatch5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| granite_software | zmerge | 4.0 | cpe:2.3:a:granite_software:zmerge:4.0:*:*:*:*:*:*:* |
| granite_software | zmerge | 5.0 | cpe:2.3:a:granite_software:zmerge:5.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2002-0664
2002-09-10 04:00:00
cve
cve
CVE-2002-0664
2002-10-04 04:00:00
nessus
nessus
IBM Lotus Domino Administration Databases Anonymous Access
2001-03-08 00:00:00
IBM Domino ZMerge Database Security Bypass
2015-10-09 00:00:00
openvas
openvas
HCL / IBM / Lotus Domino Administration Databases Accessible (HTTP)
2005-11-03 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.015
Percentile
87.1%
Related for NVD:CVE-2002-0664