Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2002-1145
HistoryOct 28, 2002 - 5:00 a.m.

CVE-2002-1145

2002-10-2805:00:00
[email protected]
web.nvd.nist.gov
7

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.01

Percentile

83.6%

JSON

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.

Affected configurations

Nvd
Node
microsoftdata_engineMatch1.0
OR
microsoftdata_engineMatch2000
OR
microsoftsql_serverMatch7.0
OR
microsoftsql_serverMatch7.0sp1
OR
microsoftsql_serverMatch7.0sp2
OR
microsoftsql_serverMatch7.0sp3
OR
microsoftsql_serverMatch7.0sp4
OR
microsoftsql_serverMatch2000
OR
microsoftsql_serverMatch2000sp1
OR
microsoftsql_serverMatch2000sp2
VendorProductVersionCPE
microsoftdata_engine1.0cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
microsoftdata_engine2000cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*

Related

cve 1
cvelist 1
nessus 1
cve
cve
CVE-2002-1145
2002-10-28 05:00:00
cvelist
cvelist
CVE-2002-1145
2002-10-21 04:00:00
nessus
nessus
MS02-061: Microsoft SQL Server Multiple Vulnerabilities (uncredentialed check)
2003-01-25 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.01

Percentile

83.6%

JSON
Related for NVD:CVE-2002-1145
cve1cvelist1nessus1