Lucene search

[email protected]NVD:CVE-2008-2511

HistoryJun 02, 2008 - 9:30 p.m.

CVE-2008-2511

2008-06-0221:30:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.102

Percentile

95.0%

JSON

Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a … (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

cainternet_security_suite_plus_2008

VendorProductVersionCPE
cainternet_security_suite_plus_2008*cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ca	internet_security_suite_plus_2008	*	cpe:2.3:a:ca:internet_security_suite_plus_2008::::::::

References

retrogod.altervista.org/9sg_CA_poc.html

secunia.com/advisories/30420

www.securityfocus.com/archive/1/492679/100/0/threaded

www.securitytracker.com/id?1020129

www.vupen.com/english/advisories/2008/1696/references

exchange.xforce.ibmcloud.com/vulnerabilities/42712

www.exploit-db.com/exploits/5682

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.102

Percentile

95.0%

JSON

Related for NVD:CVE-2008-2511

cvelist1 prion1 cve1 exploitdb1