Vulnerability Details CVE-2010-0935
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.6%
CVSS Severity
CVSS v2 Score 4.6
References
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html
- http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html
- http://www.securityfocus.com/bid/36261
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html
- http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html
- http://www.securityfocus.com/bid/36261
Products affected by CVE-2010-0935
-
cpe:2.3:a:perforce:perforce_server:*
-
cpe:2.3:a:perforce:perforce_server:2000.1
-
cpe:2.3:a:perforce:perforce_server:2000.2
-
cpe:2.3:a:perforce:perforce_server:2001.1
-
cpe:2.3:a:perforce:perforce_server:2001.2
-
cpe:2.3:a:perforce:perforce_server:2002.1
-
cpe:2.3:a:perforce:perforce_server:2002.2
-
cpe:2.3:a:perforce:perforce_server:2003.1
-
cpe:2.3:a:perforce:perforce_server:2003.2
-
cpe:2.3:a:perforce:perforce_server:2004.2
-
cpe:2.3:a:perforce:perforce_server:2005.1
-
cpe:2.3:a:perforce:perforce_server:2005.2
-
cpe:2.3:a:perforce:perforce_server:2006.1
-
cpe:2.3:a:perforce:perforce_server:2006.2
-
cpe:2.3:a:perforce:perforce_server:2007.2
-
cpe:2.3:a:perforce:perforce_server:2007.3
-
cpe:2.3:a:perforce:perforce_server:2007.3_143793
-
cpe:2.3:a:perforce:perforce_server:2008.1
-
cpe:2.3:a:perforce:perforce_server:2008.2
-
cpe:2.3:a:perforce:perforce_server:97.3
-
cpe:2.3:a:perforce:perforce_server:98.2
-
cpe:2.3:a:perforce:perforce_server:99.1
-
cpe:2.3:a:perforce:perforce_server:99.2