var-200712-0115
Vulnerability from variot
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. This issue affects Ingres 2.5 and 2.6 when running on Windows. NOTE: This issue does not affect the Ingres .NET data provider.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Ingres User Authentication Security Issue
SECUNIA ADVISORY ID: SA28187
VERIFY ADVISORY: http://secunia.com/advisories/28187/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
SOFTWARE: Ingres 2.x http://secunia.com/product/14576/
DESCRIPTION: A security issue has been reported in Ingres, which potentially can be exploited by malicious users to bypass certain security restrictions. and 2.6 on Windows.
SOLUTION: Apply fixes (requires login): http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alertDec17.php
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Title: [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability
CA Vuln ID (CAID): 35970
CA Advisory Date: 2007-12-19
Reported By: Ingres Corporation
Impact: Attacker can gain elevated privileges.
Summary: A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected. In all reported instances, the application (typically an ASP.NET application using the Ingres ODBC driver) was running on Microsoft IIS Web server, and with the Integrated Windows Authentication (IWA) option enabled. While IWA is not enabled by default, it is a commonly used option.
Mitigating Factors: The vulnerability exists only on Windows systems running Microsoft IIS Web server that have the Integrated Windows Authentication (IWA) option enabled.
Severity: CA has given this vulnerability a High risk rating.
Affected Products: All CA products that embed Ingres 2.5 and Ingres 2.6, and also run Microsoft IIS Web server with the Integrated Windows Authentication (IWA) option enabled.
Affected Platforms: Windows
Status and Recommendation (URLs may wrap):
Ingres has issued the following patches to address the
vulnerabilities.
Ingres 2.6 Single-Byte patch - Ingres 2.6 Single-Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip
Ingres 2.6 Double-Byte patch- Ingres 2.6 Double-Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip
Ingres 2.5 Single Byte Patch- Ingres 2.5 Single Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip
Potential problems installing the patches:
While testing these patches, CA identified an install issue when
the user is presented with the option to make a backup of the
Ingres installation. In cases where a
How to determine if you are affected: Check the %II_SYSTEM%\ingres\version.rel file to identify the Ingres version. If the installed version of Ingres 2.6 is a Double-Byte version (should have DBL referenced), please download the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.
Workaround: None
References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ Important Security Notice for Customers Using Products that Embed Ingres on Microsoft Windows ONLY http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp Solution Document Reference APARs: N/A CA Security Response Blog posting: CA Products That Embed Ingres Authentication Vulnerability http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx CA Vuln ID (CAID): 35970 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970 Reported By: Ingres Corporation http://ingres.com/support/security.php http://ingres.com/support/security-alertDec17.php CVE References: CVE-2007-6334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334 OSVDB References: 39358 http://osvdb.org/39358
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: CA Products Ingres User Authentication Security Issue
SECUNIA ADVISORY ID: SA28183
VERIFY ADVISORY: http://secunia.com/advisories/28183/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Storage Command Center 11.x http://secunia.com/product/14581/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Enterprise Workbench 1.x http://secunia.com/product/14579/ CA AllFusion Enterprise Workbench 7.x http://secunia.com/product/14580/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ CA CleverPath Aion 10.x http://secunia.com/product/5582/ CA CleverPath Predictive Analysis Server 3.x http://secunia.com/product/5581/ CA Embedded Entitlements Manager 8.x http://secunia.com/product/14582/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA Network Forensics 8.x http://secunia.com/product/14585/ CA Unicenter Advanced Systems Management 11.x http://secunia.com/product/14587/ CA Unicenter Asset Intelligence 11.x http://secunia.com/product/14588/ CA Unicenter Asset Management 11.x http://secunia.com/product/14589/ CA Unicenter Asset Portfolio Management 11.x http://secunia.com/product/7125/ CA Unicenter Database Command Center 11.x http://secunia.com/product/12928/ CA Unicenter Desktop and Server Management 11.x http://secunia.com/product/14590/ CA Unicenter Desktop Management Suite 11.x http://secunia.com/product/14591/ CA Unicenter Enterprise Job Manager 1.x http://secunia.com/product/5588/ CA Unicenter Job Management Option 11.x http://secunia.com/product/14592/ CA Unicenter Lightweight Portal 2.x http://secunia.com/product/14593/ CA Unicenter Management Portal 3.x http://secunia.com/product/3936/ CA Unicenter Network and Systems Management (NSM) 11.x http://secunia.com/product/14437/ CA Unicenter Network and Systems Management (NSM) 3.x http://secunia.com/product/1683/ CA Unicenter Patch Management 11.x http://secunia.com/product/14595/ CA Unicenter Remote Control 11.x http://secunia.com/product/14596/ CA Unicenter Remote Control 6.x http://secunia.com/product/2622/ CA Unicenter Service Accounting 11.x http://secunia.com/product/7127/ CA Unicenter Service Assure 11.x http://secunia.com/product/7128/ CA Unicenter Service Assure 2.x http://secunia.com/product/14597/ CA Unicenter Service Catalog 11.x http://secunia.com/product/7129/ CA Unicenter Service Delivery 11.x http://secunia.com/product/14598/ CA Unicenter Service Intelligence 11.x http://secunia.com/product/14599/ CA Unicenter Service Metric Analysis 11.x http://secunia.com/product/7126/ CA Unicenter Service Metric Analysis 3.x http://secunia.com/product/14600/ CA Unicenter ServicePlus Service Desk 11.x http://secunia.com/product/14602/ CA Unicenter ServicePlus Service Desk 5.x http://secunia.com/product/14601/ CA Unicenter ServicePlus Service Desk 6.x http://secunia.com/product/1684/ CA Unicenter Software Delivery 11.x http://secunia.com/product/7120/ CA Unicenter TNG 2.x http://secunia.com/product/3206/ CA Unicenter Web Services Distributed Management 3.x http://secunia.com/product/12199/ CA Unicenter Workload Control Center 1.x http://secunia.com/product/12932/ CA Wily SOA Manager 7.x http://secunia.com/product/14603/ eTrust Directory 8.x http://secunia.com/product/7114/ eTrust IAM Suite 8.x http://secunia.com/product/14583/ eTrust Identity Manager 8.x http://secunia.com/product/14584/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/ eTrust Single Sign-On 7.x http://secunia.com/product/10747/ eTrust Web Access Control 1.x http://secunia.com/product/14586/
DESCRIPTION: A vulnerability has been reported in CA products, which can be exploited by malicious users to bypass certain security restrictions.
SOLUTION: Apply patches (see the vendor's advisory for more information)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2.5 and 2.6"
},
{
"model": "windows nt",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter enterprise job manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2.1"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates etrust admin sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup 11.5.sp3",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates allfusion enterprise workbench sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates etrust secure content manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter tng 2.4.2j",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter remote control sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter enterprise job manager sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates advantage plex for distributed systems",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates brightstor arcserve backup sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5.2"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1.1"
},
{
"model": "associates unicenter enterprise job manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter service intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter serviceplus service desk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates web service distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.50"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup 11.5.sp1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.01"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter desktop and server management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates unicenter workload control center 1.0.sp4",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates cleverpath aion",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.3"
},
{
"model": "associates etrust audit sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates unicenter lightweight portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2"
},
{
"model": "associates etrust web access control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates web service distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.5"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5.1"
},
{
"model": "associates unicenter serviceplus service desk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates wily soa manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates unicenter asset intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates brightstor arcserve backup 11.5.sp2",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4.2"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4"
},
{
"model": "associates unicenter service accounting",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter enterprise job manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1.2"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter workload control center sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1"
},
{
"model": "associates unicenter service accounting",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter enterprise job manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.1"
},
{
"model": "associates etrust directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0.1"
},
{
"model": "associates unicenter workload control center sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter database command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates etrust iam suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter patch management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter desktop management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
}
],
"sources": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bill Maimone",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-6334",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-6334",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-299",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. \nAttackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. \nThis issue affects Ingres 2.5 and 2.6 when running on Windows. \nNOTE: This issue does not affect the Ingres .NET data provider. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28187/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\n\nDESCRIPTION:\nA security issue has been reported in Ingres, which potentially can\nbe exploited by malicious users to bypass certain security\nrestrictions. and 2.6 on Windows. \n\nSOLUTION:\nApply fixes (requires login):\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alertDec17.php\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nTitle: [CAID 35970]: CA Products That Embed Ingres Authentication \nVulnerability\n\nCA Vuln ID (CAID): 35970\n\nCA Advisory Date: 2007-12-19\n\nReported By: Ingres Corporation\n\nImpact: Attacker can gain elevated privileges. \n\nSummary: A potential vulnerability exists in the Ingres software \nthat is embedded in various CA products. This vulnerability exists \nonly on Ingres 2.5 and Ingres 2.6 on Windows, and does not \nmanifest itself on any Unix platform. Ingres r3 and Ingres 2006 \nare not affected. In all reported \ninstances, the application (typically an ASP.NET application using \nthe Ingres ODBC driver) was running on Microsoft IIS Web server, \nand with the Integrated Windows Authentication (IWA) option \nenabled. While IWA is not enabled by default, it is a commonly \nused option. \n\nMitigating Factors: The vulnerability exists only on Windows \nsystems running Microsoft IIS Web server that have the Integrated \nWindows Authentication (IWA) option enabled. \n\nSeverity: CA has given this vulnerability a High risk rating. \n\nAffected Products:\nAll CA products that embed Ingres 2.5 and Ingres 2.6, and also run \nMicrosoft IIS Web server with the Integrated Windows \nAuthentication (IWA) option enabled. \n\nAffected Platforms:\nWindows\n\nStatus and Recommendation (URLs may wrap):\nIngres has issued the following patches to address the \nvulnerabilities. \nIngres 2.6 Single-Byte patch - Ingres 2.6 Single-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip\nIngres 2.6 Double-Byte patch- Ingres 2.6 Double-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip\nIngres 2.5 Single Byte Patch- Ingres 2.5 Single Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip\nPotential problems installing the patches:\nWhile testing these patches, CA identified an install issue when \nthe user is presented with the option to make a backup of the \nIngres installation. In cases where a \u003cspace\u003e is in the path, the \npath is not properly read. The backup does get taken and is by \ndefault stored in the %II_SYSTEM%\\ingres\\install\\backup directory. \nAdditionally, if the user happens to press the \"Set Directory\" \nbutton, the path will be displayed. Clicking \"ok\" will result in a \nmessage stating \"... spaces are not supported in paths... \". This \nalso is an error; pressing cancel will return the user to the \nfirst screen with the default path, and while the displayed path \nis terminated at a space, the actual path does work. To avoid this \nissue, use DOS 8.3 definitions (ex. C:\\progra~1\\CA\\ingres). \n\nHow to determine if you are affected:\nCheck the %II_SYSTEM%\\ingres\\version.rel file to identify the \nIngres version. If the installed version of Ingres 2.6 is a \nDouble-Byte version (should have DBL referenced), please download \nthe 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch. \n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nImportant Security Notice for Customers Using Products that Embed \nIngres on Microsoft Windows ONLY\nhttp://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\nSolution Document Reference APARs:\nN/A\nCA Security Response Blog posting:\nCA Products That Embed Ingres Authentication Vulnerability\nhttp://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx\nCA Vuln ID (CAID): 35970\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970\nReported By: \nIngres Corporation\nhttp://ingres.com/support/security.php\nhttp://ingres.com/support/security-alertDec17.php\nCVE References: CVE-2007-6334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334\nOSVDB References: 39358\nhttp://osvdb.org/39358\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Products Ingres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28183\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28183/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nBrightStor ARCserve Backup 11.x\nhttp://secunia.com/product/312/\nBrightStor ARCserve Backup 9.x\nhttp://secunia.com/product/313/\nBrightStor Enterprise Backup 10.x\nhttp://secunia.com/product/314/\nBrightStor Storage Command Center 11.x\nhttp://secunia.com/product/14581/\nBrightStor Storage Resource Manager 11.x\nhttp://secunia.com/product/5909/\nCA Advantage Data Transformer 2.x\nhttp://secunia.com/product/5904/\nCA AllFusion Enterprise Workbench 1.x\nhttp://secunia.com/product/14579/\nCA AllFusion Enterprise Workbench 7.x\nhttp://secunia.com/product/14580/\nCA AllFusion Harvest Change Manager 7.x\nhttp://secunia.com/product/5905/\nCA ARCserve Backup for Laptops \u0026 Desktops 11.x\nhttp://secunia.com/product/5906/\nCA CleverPath Aion 10.x\nhttp://secunia.com/product/5582/\nCA CleverPath Predictive Analysis Server 3.x\nhttp://secunia.com/product/5581/\nCA Embedded Entitlements Manager 8.x\nhttp://secunia.com/product/14582/\nCA eTrust Admin 8.x\nhttp://secunia.com/product/5584/\nCA eTrust Audit 8.x\nhttp://secunia.com/product/5912/\nCA Network Forensics 8.x\nhttp://secunia.com/product/14585/\nCA Unicenter Advanced Systems Management 11.x\nhttp://secunia.com/product/14587/\nCA Unicenter Asset Intelligence 11.x\nhttp://secunia.com/product/14588/\nCA Unicenter Asset Management 11.x\nhttp://secunia.com/product/14589/\nCA Unicenter Asset Portfolio Management 11.x\nhttp://secunia.com/product/7125/\nCA Unicenter Database Command Center 11.x\nhttp://secunia.com/product/12928/\nCA Unicenter Desktop and Server Management 11.x\nhttp://secunia.com/product/14590/\nCA Unicenter Desktop Management Suite 11.x\nhttp://secunia.com/product/14591/\nCA Unicenter Enterprise Job Manager 1.x\nhttp://secunia.com/product/5588/\nCA Unicenter Job Management Option 11.x\nhttp://secunia.com/product/14592/\nCA Unicenter Lightweight Portal 2.x\nhttp://secunia.com/product/14593/\nCA Unicenter Management Portal 3.x\nhttp://secunia.com/product/3936/\nCA Unicenter Network and Systems Management (NSM) 11.x\nhttp://secunia.com/product/14437/\nCA Unicenter Network and Systems Management (NSM) 3.x\nhttp://secunia.com/product/1683/\nCA Unicenter Patch Management 11.x\nhttp://secunia.com/product/14595/\nCA Unicenter Remote Control 11.x\nhttp://secunia.com/product/14596/\nCA Unicenter Remote Control 6.x\nhttp://secunia.com/product/2622/\nCA Unicenter Service Accounting 11.x\nhttp://secunia.com/product/7127/\nCA Unicenter Service Assure 11.x\nhttp://secunia.com/product/7128/\nCA Unicenter Service Assure 2.x\nhttp://secunia.com/product/14597/\nCA Unicenter Service Catalog 11.x\nhttp://secunia.com/product/7129/\nCA Unicenter Service Delivery 11.x\nhttp://secunia.com/product/14598/\nCA Unicenter Service Intelligence 11.x\nhttp://secunia.com/product/14599/\nCA Unicenter Service Metric Analysis 11.x\nhttp://secunia.com/product/7126/\nCA Unicenter Service Metric Analysis 3.x\nhttp://secunia.com/product/14600/\nCA Unicenter ServicePlus Service Desk 11.x\nhttp://secunia.com/product/14602/\nCA Unicenter ServicePlus Service Desk 5.x\nhttp://secunia.com/product/14601/\nCA Unicenter ServicePlus Service Desk 6.x\nhttp://secunia.com/product/1684/\nCA Unicenter Software Delivery 11.x\nhttp://secunia.com/product/7120/\nCA Unicenter TNG 2.x\nhttp://secunia.com/product/3206/\nCA Unicenter Web Services Distributed Management 3.x\nhttp://secunia.com/product/12199/\nCA Unicenter Workload Control Center 1.x\nhttp://secunia.com/product/12932/\nCA Wily SOA Manager 7.x\nhttp://secunia.com/product/14603/\neTrust Directory 8.x\nhttp://secunia.com/product/7114/\neTrust IAM Suite 8.x\nhttp://secunia.com/product/14583/\neTrust Identity Manager 8.x\nhttp://secunia.com/product/14584/\neTrust Secure Content Manager (SCM)\nhttp://secunia.com/product/3391/\neTrust Single Sign-On 7.x\nhttp://secunia.com/product/10747/\neTrust Web Access Control 1.x\nhttp://secunia.com/product/14586/\n\nDESCRIPTION:\nA vulnerability has been reported in CA products, which can be\nexploited by malicious users to bypass certain security\nrestrictions. \n\nSOLUTION:\nApply patches (see the vendor\u0027s advisory for more information)",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "BID",
"id": "26959"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6334",
"trust": 2.8
},
{
"db": "BID",
"id": "26959",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "28187",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "39358",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28183",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-4303",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-4304",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1019134",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "11325",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071221 [CAID 35970]: CA PRODUCTS THAT EMBED INGRES AUTHENTICATION VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "61984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62040",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61983",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
]
},
"id": "VAR-200712-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2023-12-18T13:58:17.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "contentID={EA69B32B-90DA-4BA6-A6A5-48C04C888524}",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid={ea69b32b-90da-4ba6-a6a5-48c04c888524}"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.ingres.com/support/security-alertdec17.php"
},
{
"trust": 2.1,
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/28183"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/28187"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/39358"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/26959"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1019134"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6334"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6334"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/485448/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/4304"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/4303"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/11325"
},
{
"trust": 0.4,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415703+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/485448"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/28187/"
},
{
"trust": 0.2,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.2,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14576/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx"
},
{
"trust": 0.1,
"url": "http://ingres.com/support/security.php"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://osvdb.org/39358"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://ingres.com/support/security-alertdec17.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6334"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14595/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7126/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14590/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14585/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/314/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12932/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14599/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14592/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14600/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5912/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3391/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12928/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7127/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14601/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14603/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28183/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5906/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14598/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7129/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14588/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14597/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14437/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5904/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14580/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14587/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3936/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7128/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14583/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14579/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5905/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3206/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5588/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5909/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2622/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1684/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12199/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7125/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7120/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14591/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10747/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/313/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14593/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7114/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14586/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/312/"
}
],
"sources": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-20T00:00:00",
"db": "BID",
"id": "26959"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"date": "2007-12-24T18:50:38",
"db": "PACKETSTORM",
"id": "61984"
},
{
"date": "2007-12-24T19:52:23",
"db": "PACKETSTORM",
"id": "62040"
},
{
"date": "2007-12-24T18:50:38",
"db": "PACKETSTORM",
"id": "61983"
},
{
"date": "2007-12-20T23:46:00",
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"date": "2007-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T09:28:00",
"db": "BID",
"id": "26959"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"date": "2018-10-15T21:52:10.500000",
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"date": "2007-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural CA Used in products Windows of Ingres Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.