cvelistv5 - CVE-2007-6334

CVE-2007-6334

Vulnerability from cvelistv5

Published

2007-12-20 23:00

Modified

2024-08-07 16:02

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28183	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28187	Patch, Vendor Advisory
cve@mitre.org	http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
cve@mitre.org	http://www.ingres.com/support/security-alertDec17.php
cve@mitre.org	http://www.osvdb.org/39358
cve@mitre.org	http://www.securityfocus.com/archive/1/485448/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26959	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019134
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4303
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4304
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28183	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28187	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.ingres.com/support/security-alertDec17.php
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/39358
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485448/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26959	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019134
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4303
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4304

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-4303",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4303"
          },
          {
            "name": "1019134",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019134"
          },
          {
            "name": "39358",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/39358"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingres.com/support/security-alertDec17.php"
          },
          {
            "name": "28187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28187"
          },
          {
            "name": "26959",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26959"
          },
          {
            "name": "28183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
          },
          {
            "name": "ADV-2007-4304",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4304"
          },
          {
            "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-4303",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4303"
        },
        {
          "name": "1019134",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019134"
        },
        {
          "name": "39358",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/39358"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingres.com/support/security-alertDec17.php"
        },
        {
          "name": "28187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28187"
        },
        {
          "name": "26959",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26959"
        },
        {
          "name": "28183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
        },
        {
          "name": "ADV-2007-4304",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4304"
        },
        {
          "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-4303",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4303"
            },
            {
              "name": "1019134",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019134"
            },
            {
              "name": "39358",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/39358"
            },
            {
              "name": "http://www.ingres.com/support/security-alertDec17.php",
              "refsource": "CONFIRM",
              "url": "http://www.ingres.com/support/security-alertDec17.php"
            },
            {
              "name": "28187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28187"
            },
            {
              "name": "26959",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26959"
            },
            {
              "name": "28183",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28183"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
            },
            {
              "name": "ADV-2007-4304",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4304"
            },
            {
              "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6334",
    "datePublished": "2007-12-20T23:00:00",
    "dateReserved": "2007-12-13T00:00:00",
    "dateUpdated": "2024-08-07T16:02:36.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED27882B-A02A-4D5F-9117-A47976C676E0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43A75B42-4739-4E98-A6B9-704B51BD59EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE11A92-56B9-43A2-9E3D-D511AE713F45\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.\"}, {\"lang\": \"es\", \"value\": \"Ingres 2.5 y 2.6 para Windows, usados en m\\u00faltiples productos CA y posiblemente otros, asigna los privilegios y la identidad de los usuarios para que sean la misma que el primer usuario, lo cual permite a atacantes remotos obtener privilegios.\"}]",
      "id": "CVE-2007-6334",
      "lastModified": "2024-11-21T00:39:53.880",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-12-20T23:46:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28183\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28187\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ingres.com/support/security-alertDec17.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/39358\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/485448/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26959\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019134\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4303\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4304\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28183\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ingres.com/support/security-alertDec17.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/39358\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/485448/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26959\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019134\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4303\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4304\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6334\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-20T23:46:00.000\",\"lastModified\":\"2024-11-21T00:39:53.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.\"},{\"lang\":\"es\",\"value\":\"Ingres 2.5 y 2.6 para Windows, usados en m\u00faltiples productos CA y posiblemente otros, asigna los privilegios y la identidad de los usuarios para que sean la misma que el primer usuario, lo cual permite a atacantes remotos obtener privilegios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED27882B-A02A-4D5F-9117-A47976C676E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43A75B42-4739-4E98-A6B9-704B51BD59EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE11A92-56B9-43A2-9E3D-D511AE713F45\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28183\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28187\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ingres.com/support/security-alertDec17.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/39358\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/485448/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26959\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019134\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4303\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4304\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ingres.com/support/security-alertDec17.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/39358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/485448/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26959\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4304\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. This issue affects Ingres 2.5 and 2.6 when running on Windows. NOTE: This issue does not affect the Ingres .NET data provider.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: Ingres User Authentication Security Issue

SECUNIA ADVISORY ID: SA28187

VERIFY ADVISORY: http://secunia.com/advisories/28187/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From local network

SOFTWARE: Ingres 2.x http://secunia.com/product/14576/

DESCRIPTION: A security issue has been reported in Ingres, which potentially can be exploited by malicious users to bypass certain security restrictions. and 2.6 on Windows.

SOLUTION: Apply fixes (requires login): http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alertDec17.php

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. Title: [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability

CA Vuln ID (CAID): 35970

CA Advisory Date: 2007-12-19

Reported By: Ingres Corporation

Impact: Attacker can gain elevated privileges.

Summary: A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected. In all reported instances, the application (typically an ASP.NET application using the Ingres ODBC driver) was running on Microsoft IIS Web server, and with the Integrated Windows Authentication (IWA) option enabled. While IWA is not enabled by default, it is a commonly used option.

Mitigating Factors: The vulnerability exists only on Windows systems running Microsoft IIS Web server that have the Integrated Windows Authentication (IWA) option enabled.

Severity: CA has given this vulnerability a High risk rating.

Affected Products: All CA products that embed Ingres 2.5 and Ingres 2.6, and also run Microsoft IIS Web server with the Integrated Windows Authentication (IWA) option enabled.

Affected Platforms: Windows

Status and Recommendation (URLs may wrap): Ingres has issued the following patches to address the vulnerabilities. Ingres 2.6 Single-Byte patch - Ingres 2.6 Single-Byte patch ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip Ingres 2.6 Double-Byte patch- Ingres 2.6 Double-Byte patch ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip Ingres 2.5 Single Byte Patch- Ingres 2.5 Single Byte patch ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip Potential problems installing the patches: While testing these patches, CA identified an install issue when the user is presented with the option to make a backup of the Ingres installation. In cases where a is in the path, the path is not properly read. The backup does get taken and is by default stored in the %II_SYSTEM%\ingres\install\backup directory. Additionally, if the user happens to press the "Set Directory" button, the path will be displayed. Clicking "ok" will result in a message stating "... spaces are not supported in paths... ". This also is an error; pressing cancel will return the user to the first screen with the default path, and while the displayed path is terminated at a space, the actual path does work. To avoid this issue, use DOS 8.3 definitions (ex. C:\progra~1\CA\ingres).

How to determine if you are affected: Check the %II_SYSTEM%\ingres\version.rel file to identify the Ingres version. If the installed version of Ingres 2.6 is a Double-Byte version (should have DBL referenced), please download the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.

Workaround: None

References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ Important Security Notice for Customers Using Products that Embed Ingres on Microsoft Windows ONLY http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp Solution Document Reference APARs: N/A CA Security Response Blog posting: CA Products That Embed Ingres Authentication Vulnerability http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx CA Vuln ID (CAID): 35970 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970 Reported By: Ingres Corporation http://ingres.com/support/security.php http://ingres.com/support/security-alertDec17.php CVE References: CVE-2007-6334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334 OSVDB References: 39358 http://osvdb.org/39358

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: CA Products Ingres User Authentication Security Issue

SECUNIA ADVISORY ID: SA28183

VERIFY ADVISORY: http://secunia.com/advisories/28183/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From local network

SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Storage Command Center 11.x http://secunia.com/product/14581/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Enterprise Workbench 1.x http://secunia.com/product/14579/ CA AllFusion Enterprise Workbench 7.x http://secunia.com/product/14580/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ CA CleverPath Aion 10.x http://secunia.com/product/5582/ CA CleverPath Predictive Analysis Server 3.x http://secunia.com/product/5581/ CA Embedded Entitlements Manager 8.x http://secunia.com/product/14582/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA Network Forensics 8.x http://secunia.com/product/14585/ CA Unicenter Advanced Systems Management 11.x http://secunia.com/product/14587/ CA Unicenter Asset Intelligence 11.x http://secunia.com/product/14588/ CA Unicenter Asset Management 11.x http://secunia.com/product/14589/ CA Unicenter Asset Portfolio Management 11.x http://secunia.com/product/7125/ CA Unicenter Database Command Center 11.x http://secunia.com/product/12928/ CA Unicenter Desktop and Server Management 11.x http://secunia.com/product/14590/ CA Unicenter Desktop Management Suite 11.x http://secunia.com/product/14591/ CA Unicenter Enterprise Job Manager 1.x http://secunia.com/product/5588/ CA Unicenter Job Management Option 11.x http://secunia.com/product/14592/ CA Unicenter Lightweight Portal 2.x http://secunia.com/product/14593/ CA Unicenter Management Portal 3.x http://secunia.com/product/3936/ CA Unicenter Network and Systems Management (NSM) 11.x http://secunia.com/product/14437/ CA Unicenter Network and Systems Management (NSM) 3.x http://secunia.com/product/1683/ CA Unicenter Patch Management 11.x http://secunia.com/product/14595/ CA Unicenter Remote Control 11.x http://secunia.com/product/14596/ CA Unicenter Remote Control 6.x http://secunia.com/product/2622/ CA Unicenter Service Accounting 11.x http://secunia.com/product/7127/ CA Unicenter Service Assure 11.x http://secunia.com/product/7128/ CA Unicenter Service Assure 2.x http://secunia.com/product/14597/ CA Unicenter Service Catalog 11.x http://secunia.com/product/7129/ CA Unicenter Service Delivery 11.x http://secunia.com/product/14598/ CA Unicenter Service Intelligence 11.x http://secunia.com/product/14599/ CA Unicenter Service Metric Analysis 11.x http://secunia.com/product/7126/ CA Unicenter Service Metric Analysis 3.x http://secunia.com/product/14600/ CA Unicenter ServicePlus Service Desk 11.x http://secunia.com/product/14602/ CA Unicenter ServicePlus Service Desk 5.x http://secunia.com/product/14601/ CA Unicenter ServicePlus Service Desk 6.x http://secunia.com/product/1684/ CA Unicenter Software Delivery 11.x http://secunia.com/product/7120/ CA Unicenter TNG 2.x http://secunia.com/product/3206/ CA Unicenter Web Services Distributed Management 3.x http://secunia.com/product/12199/ CA Unicenter Workload Control Center 1.x http://secunia.com/product/12932/ CA Wily SOA Manager 7.x http://secunia.com/product/14603/ eTrust Directory 8.x http://secunia.com/product/7114/ eTrust IAM Suite 8.x http://secunia.com/product/14583/ eTrust Identity Manager 8.x http://secunia.com/product/14584/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/ eTrust Single Sign-On 7.x http://secunia.com/product/10747/ eTrust Web Access Control 1.x http://secunia.com/product/14586/

DESCRIPTION: A vulnerability has been reported in CA products, which can be exploited by malicious users to bypass certain security restrictions.

SOLUTION: Apply patches (see the vendor's advisory for more information)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200712-0115",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ingres",
        "version": "2.5"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "2.5 and  2.6"
      },
      {
        "model": "windows nt",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates unicenter enterprise job manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2.1"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates etrust admin sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.5"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.1"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup 11.5.sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates allfusion enterprise workbench sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates etrust secure content manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates allfusion harvest change manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.11"
      },
      {
        "model": "associates unicenter tng 2.4.2j",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter remote control sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter enterprise job manager sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates advantage plex for distributed systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates brightstor arcserve backup sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5.2"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust admin sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1.1"
      },
      {
        "model": "associates unicenter enterprise job manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter service intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter serviceplus service desk sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates web service distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.50"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup 11.5.sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates etrust single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.01"
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter desktop and server management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates etrust identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates unicenter workload control center 1.0.sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter job management option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates cleverpath aion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.0"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.3"
      },
      {
        "model": "associates etrust audit sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8"
      },
      {
        "model": "associates unicenter lightweight portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2"
      },
      {
        "model": "associates etrust web access control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates web service distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.11"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.5"
      },
      {
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates cleverpath predictive analysis server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5.1"
      },
      {
        "model": "associates unicenter serviceplus service desk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates wily soa manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "2.5"
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates unicenter asset intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter management portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates brightstor arcserve backup 11.5.sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.4.2"
      },
      {
        "model": "associates unicenter management portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.4"
      },
      {
        "model": "associates unicenter service accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates unicenter enterprise job manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates etrust admin sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1.2"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter workload control center sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1"
      },
      {
        "model": "associates unicenter service accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates allfusion harvest change manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates unicenter enterprise job manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.1"
      },
      {
        "model": "associates etrust directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates advantage data transformer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.5"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0.1"
      },
      {
        "model": "associates unicenter workload control center sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter database command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates etrust iam suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter patch management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates unicenter desktop management suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates etrust admin sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bill Maimone",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6334",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-6334",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-6334",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200712-299",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. \nAttackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. \nThis issue affects Ingres 2.5 and 2.6 when running on Windows. \nNOTE: This issue does not affect the Ingres .NET data provider. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28187/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\n\nDESCRIPTION:\nA security issue has been reported in Ingres, which potentially can\nbe exploited by malicious users to bypass certain security\nrestrictions. and 2.6 on Windows. \n\nSOLUTION:\nApply fixes (requires login):\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alertDec17.php\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nTitle: [CAID 35970]: CA Products That Embed Ingres Authentication \nVulnerability\n\nCA Vuln ID (CAID): 35970\n\nCA Advisory Date: 2007-12-19\n\nReported By: Ingres Corporation\n\nImpact: Attacker can gain elevated privileges. \n\nSummary: A potential vulnerability exists in the Ingres software \nthat is embedded in various CA products. This vulnerability exists \nonly on Ingres 2.5 and Ingres 2.6 on Windows, and does not \nmanifest itself on any Unix platform. Ingres r3 and Ingres 2006 \nare not affected. In all reported \ninstances, the application (typically an ASP.NET application using \nthe Ingres ODBC driver) was running on Microsoft IIS Web server, \nand with the Integrated Windows Authentication (IWA) option \nenabled. While IWA is not enabled by default, it is a commonly \nused option. \n\nMitigating Factors: The vulnerability exists only on Windows \nsystems running Microsoft IIS Web server that have the Integrated \nWindows Authentication (IWA) option enabled. \n\nSeverity: CA has given this vulnerability a High risk rating. \n\nAffected Products:\nAll CA products that embed Ingres 2.5 and Ingres 2.6, and also run \nMicrosoft IIS Web server with the Integrated Windows \nAuthentication (IWA) option enabled. \n\nAffected Platforms:\nWindows\n\nStatus and Recommendation (URLs may wrap):\nIngres has issued the following patches to address the \nvulnerabilities. \nIngres 2.6 Single-Byte patch - Ingres 2.6 Single-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip\nIngres 2.6 Double-Byte patch- Ingres 2.6 Double-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip\nIngres 2.5 Single Byte Patch- Ingres 2.5 Single Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip\nPotential problems installing the patches:\nWhile testing these patches, CA identified an install issue when \nthe user is presented with the option to make a backup of the \nIngres installation. In cases where a \u003cspace\u003e is in the path, the \npath is not properly read. The backup does get taken and is by \ndefault stored in the %II_SYSTEM%\\ingres\\install\\backup directory. \nAdditionally, if the user happens to press the \"Set Directory\" \nbutton, the path will be displayed. Clicking \"ok\" will result in a \nmessage stating \"... spaces are not supported in paths... \". This \nalso is an error; pressing cancel will return the user to the \nfirst screen with the default path, and while the displayed path \nis terminated at a space, the actual path does work. To avoid this \nissue, use DOS 8.3 definitions (ex. C:\\progra~1\\CA\\ingres). \n\nHow to determine if you are affected:\nCheck the %II_SYSTEM%\\ingres\\version.rel file to identify the \nIngres version. If the installed version of Ingres 2.6 is a \nDouble-Byte version (should have DBL referenced), please download \nthe 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch. \n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nImportant Security Notice for Customers Using Products that Embed \nIngres on Microsoft Windows ONLY\nhttp://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\nSolution Document Reference APARs:\nN/A\nCA Security Response Blog posting:\nCA Products That Embed Ingres Authentication Vulnerability\nhttp://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx\nCA Vuln ID (CAID): 35970\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970\nReported By: \nIngres Corporation\nhttp://ingres.com/support/security.php\nhttp://ingres.com/support/security-alertDec17.php\nCVE References: CVE-2007-6334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334\nOSVDB References: 39358\nhttp://osvdb.org/39358\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Products Ingres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28183\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28183/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nBrightStor ARCserve Backup 11.x\nhttp://secunia.com/product/312/\nBrightStor ARCserve Backup 9.x\nhttp://secunia.com/product/313/\nBrightStor Enterprise Backup 10.x\nhttp://secunia.com/product/314/\nBrightStor Storage Command Center 11.x\nhttp://secunia.com/product/14581/\nBrightStor Storage Resource Manager 11.x\nhttp://secunia.com/product/5909/\nCA Advantage Data Transformer 2.x\nhttp://secunia.com/product/5904/\nCA AllFusion Enterprise Workbench 1.x\nhttp://secunia.com/product/14579/\nCA AllFusion Enterprise Workbench 7.x\nhttp://secunia.com/product/14580/\nCA AllFusion Harvest Change Manager 7.x\nhttp://secunia.com/product/5905/\nCA ARCserve Backup for Laptops \u0026 Desktops 11.x\nhttp://secunia.com/product/5906/\nCA CleverPath Aion 10.x\nhttp://secunia.com/product/5582/\nCA CleverPath Predictive Analysis Server 3.x\nhttp://secunia.com/product/5581/\nCA Embedded Entitlements Manager 8.x\nhttp://secunia.com/product/14582/\nCA eTrust Admin 8.x\nhttp://secunia.com/product/5584/\nCA eTrust Audit 8.x\nhttp://secunia.com/product/5912/\nCA Network Forensics 8.x\nhttp://secunia.com/product/14585/\nCA Unicenter Advanced Systems Management 11.x\nhttp://secunia.com/product/14587/\nCA Unicenter Asset Intelligence 11.x\nhttp://secunia.com/product/14588/\nCA Unicenter Asset Management 11.x\nhttp://secunia.com/product/14589/\nCA Unicenter Asset Portfolio Management 11.x\nhttp://secunia.com/product/7125/\nCA Unicenter Database Command Center 11.x\nhttp://secunia.com/product/12928/\nCA Unicenter Desktop and Server Management 11.x\nhttp://secunia.com/product/14590/\nCA Unicenter Desktop Management Suite 11.x\nhttp://secunia.com/product/14591/\nCA Unicenter Enterprise Job Manager 1.x\nhttp://secunia.com/product/5588/\nCA Unicenter Job Management Option 11.x\nhttp://secunia.com/product/14592/\nCA Unicenter Lightweight Portal 2.x\nhttp://secunia.com/product/14593/\nCA Unicenter Management Portal 3.x\nhttp://secunia.com/product/3936/\nCA Unicenter Network and Systems Management (NSM) 11.x\nhttp://secunia.com/product/14437/\nCA Unicenter Network and Systems Management (NSM) 3.x\nhttp://secunia.com/product/1683/\nCA Unicenter Patch Management 11.x\nhttp://secunia.com/product/14595/\nCA Unicenter Remote Control 11.x\nhttp://secunia.com/product/14596/\nCA Unicenter Remote Control 6.x\nhttp://secunia.com/product/2622/\nCA Unicenter Service Accounting 11.x\nhttp://secunia.com/product/7127/\nCA Unicenter Service Assure 11.x\nhttp://secunia.com/product/7128/\nCA Unicenter Service Assure 2.x\nhttp://secunia.com/product/14597/\nCA Unicenter Service Catalog 11.x\nhttp://secunia.com/product/7129/\nCA Unicenter Service Delivery 11.x\nhttp://secunia.com/product/14598/\nCA Unicenter Service Intelligence 11.x\nhttp://secunia.com/product/14599/\nCA Unicenter Service Metric Analysis 11.x\nhttp://secunia.com/product/7126/\nCA Unicenter Service Metric Analysis 3.x\nhttp://secunia.com/product/14600/\nCA Unicenter ServicePlus Service Desk 11.x\nhttp://secunia.com/product/14602/\nCA Unicenter ServicePlus Service Desk 5.x\nhttp://secunia.com/product/14601/\nCA Unicenter ServicePlus Service Desk 6.x\nhttp://secunia.com/product/1684/\nCA Unicenter Software Delivery 11.x\nhttp://secunia.com/product/7120/\nCA Unicenter TNG 2.x\nhttp://secunia.com/product/3206/\nCA Unicenter Web Services Distributed Management 3.x\nhttp://secunia.com/product/12199/\nCA Unicenter Workload Control Center 1.x\nhttp://secunia.com/product/12932/\nCA Wily SOA Manager 7.x\nhttp://secunia.com/product/14603/\neTrust Directory 8.x\nhttp://secunia.com/product/7114/\neTrust IAM Suite 8.x\nhttp://secunia.com/product/14583/\neTrust Identity Manager 8.x\nhttp://secunia.com/product/14584/\neTrust Secure Content Manager (SCM)\nhttp://secunia.com/product/3391/\neTrust Single Sign-On 7.x\nhttp://secunia.com/product/10747/\neTrust Web Access Control 1.x\nhttp://secunia.com/product/14586/\n\nDESCRIPTION:\nA vulnerability has been reported in CA products, which can be\nexploited by malicious users to bypass certain security\nrestrictions. \n\nSOLUTION:\nApply patches (see the vendor\u0027s advisory for more information)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-6334",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26959",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "28187",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "39358",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "28183",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4303",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4304",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1019134",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "11325",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20071221 [CAID 35970]: CA PRODUCTS THAT EMBED INGRES AUTHENTICATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "61984",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62040",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61983",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "id": "VAR-200712-0115",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.12878788
  },
  "last_update_date": "2023-12-18T13:58:17.618000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "contentID={EA69B32B-90DA-4BA6-A6A5-48C04C888524}",
        "trust": 0.8,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid={ea69b32b-90da-4ba6-a6a5-48c04c888524}"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.ingres.com/support/security-alertdec17.php"
      },
      {
        "trust": 2.1,
        "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/28183"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/28187"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/39358"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/26959"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1019134"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4303"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4304"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6334"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6334"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/485448/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4304"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4303"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/11325"
      },
      {
        "trust": 0.4,
        "url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415703+htmpl=kt_document_view.htmpl"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingres.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/485448"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/28187/"
      },
      {
        "trust": 0.2,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.2,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14576/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://ingres.com/support/security.php"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/39358"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "http://ingres.com/support/security-alertdec17.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6334"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14595/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5581/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14590/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14585/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/314/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12932/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14599/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14592/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14600/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3391/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12928/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7127/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14601/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14603/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28183/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5906/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14598/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7129/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14588/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14597/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14437/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14580/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14587/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3936/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7128/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14596/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14602/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14583/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14579/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3206/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5588/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5909/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2622/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1684/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12199/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7125/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1683/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14589/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7120/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14581/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14591/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10747/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/313/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14593/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7114/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14586/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-12-20T00:00:00",
        "db": "BID",
        "id": "26959"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "date": "2007-12-24T18:50:38",
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "date": "2007-12-24T19:52:23",
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "date": "2007-12-24T18:50:38",
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "date": "2007-12-20T23:46:00",
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "date": "2007-12-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T09:28:00",
        "db": "BID",
        "id": "26959"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "date": "2018-10-15T21:52:10.500000",
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "date": "2007-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  CA Used in products  Windows of  Ingres Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ],
    "trust": 0.6
  }
}

gsd-2007-6334

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-6334

Aliases

CVE-2007-6334

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6334",
    "description": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.",
    "id": "GSD-2007-6334"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6334"
      ],
      "details": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.",
      "id": "GSD-2007-6334",
      "modified": "2023-12-13T01:21:38.997008Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6334",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-4303",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4303"
          },
          {
            "name": "1019134",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019134"
          },
          {
            "name": "39358",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/39358"
          },
          {
            "name": "http://www.ingres.com/support/security-alertDec17.php",
            "refsource": "CONFIRM",
            "url": "http://www.ingres.com/support/security-alertDec17.php"
          },
          {
            "name": "28187",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28187"
          },
          {
            "name": "26959",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26959"
          },
          {
            "name": "28183",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28183"
          },
          {
            "name": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
          },
          {
            "name": "ADV-2007-4304",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4304"
          },
          {
            "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6334"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
            },
            {
              "name": "http://www.ingres.com/support/security-alertDec17.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.ingres.com/support/security-alertDec17.php"
            },
            {
              "name": "26959",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/26959"
            },
            {
              "name": "28183",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28183"
            },
            {
              "name": "28187",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28187"
            },
            {
              "name": "1019134",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019134"
            },
            {
              "name": "39358",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/39358"
            },
            {
              "name": "ADV-2007-4303",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4303"
            },
            {
              "name": "ADV-2007-4304",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4304"
            },
            {
              "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:52Z",
      "publishedDate": "2007-12-20T23:46Z"
    }
  }
}

ghsa-5c6j-4cmg-9vw5

Vulnerability from github

Published

2022-05-01 18:41

Modified

2022-05-01 18:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6334"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-20T23:46:00Z",
    "severity": "MODERATE"
  },
  "details": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.",
  "id": "GHSA-5c6j-4cmg-9vw5",
  "modified": "2022-05-01T18:41:58Z",
  "published": "2022-05-01T18:41:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6334"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28183"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28187"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.ingres.com/support/security-alertDec17.php"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/39358"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26959"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019134"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4303"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4304"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2007-6334

Vulnerability from fkie_nvd

Published

2007-12-20 23:46

Modified

2024-11-21 00:39

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28183	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28187	Patch, Vendor Advisory
cve@mitre.org	http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
cve@mitre.org	http://www.ingres.com/support/security-alertDec17.php
cve@mitre.org	http://www.osvdb.org/39358
cve@mitre.org	http://www.securityfocus.com/archive/1/485448/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26959	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019134
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4303
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4304
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28183	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28187	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.ingres.com/support/security-alertDec17.php
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/39358
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485448/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26959	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019134
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4303
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4304

Impacted products

Vendor	Product	Version
microsoft	windows_nt	*
ingres	ingres	2.5
ingres	ingres	2.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A75B42-4739-4E98-A6B9-704B51BD59EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
    },
    {
      "lang": "es",
      "value": "Ingres 2.5 y 2.6 para Windows, usados en m\u00faltiples productos CA y posiblemente otros, asigna los privilegios y la identidad de los usuarios para que sean la misma que el primer usuario, lo cual permite a atacantes remotos obtener privilegios."
    }
  ],
  "id": "CVE-2007-6334",
  "lastModified": "2024-11-21T00:39:53.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-20T23:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28183"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ingres.com/support/security-alertDec17.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/39358"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26959"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019134"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4303"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ingres.com/support/security-alertDec17.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/39358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4304"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-6334

Vulnerability from cvelistv5

var-200712-0115

Vulnerability from variot

gsd-2007-6334

Vulnerability from gsd

ghsa-5c6j-4cmg-9vw5

Vulnerability from github

CVE-2007-6334

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature