Vulnerability Details CVE-2007-6334
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/28183
- http://secunia.com/advisories/28187
- http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
- http://www.ingres.com/support/security-alertDec17.php
- http://www.osvdb.org/39358
- http://www.securityfocus.com/archive/1/485448/100/0/threaded
- http://www.securityfocus.com/bid/26959
- http://www.securitytracker.com/id?1019134
- http://www.vupen.com/english/advisories/2007/4303
- http://www.vupen.com/english/advisories/2007/4304
- http://secunia.com/advisories/28183
- http://secunia.com/advisories/28187
- http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
- http://www.ingres.com/support/security-alertDec17.php
- http://www.osvdb.org/39358
- http://www.securityfocus.com/archive/1/485448/100/0/threaded
- http://www.securityfocus.com/bid/26959
- http://www.securitytracker.com/id?1019134
- http://www.vupen.com/english/advisories/2007/4303
- http://www.vupen.com/english/advisories/2007/4304
Products affected by CVE-2007-6334
-
cpe:2.3:a:ingres:ingres:2.5
-
cpe:2.3:a:ingres:ingres:2.6
-
cpe:2.3:o:microsoft:windows_nt:-
-
cpe:2.3:o:microsoft:windows_nt:3.0.1
-
cpe:2.3:o:microsoft:windows_nt:3.1
-
cpe:2.3:o:microsoft:windows_nt:3.5
-
cpe:2.3:o:microsoft:windows_nt:3.5.1
-
cpe:2.3:o:microsoft:windows_nt:3.51
-
cpe:2.3:o:microsoft:windows_nt:4.0