CVE Vulnerability

CVE-2007-6334

Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
http://www.ingres.com/support/security-alertDec17.php
http://www.securityfocus.com/bid/26959 Patch
http://secunia.com/advisories/28183 Patch Vendor Advisory
http://secunia.com/advisories/28187 Patch Vendor Advisory
http://www.securitytracker.com/id?1019134
http://www.osvdb.org/39358
http://www.vupen.com/english/advisories/2007/4303
http://www.vupen.com/english/advisories/2007/4304
http://www.securityfocus.com/archive/1/485448/100/0/threaded
Configurations

Configuration 1
Information

Published : 2007-12-20 11:46

Updated : 2018-10-15 09:52

NVD link : CVE-2007-6334

Mitre link : CVE-2007-6334

Products Affected
No products.
CWE
CWE-264