CVE-2001-1151

Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/220666	Patch Vendor Advisory
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
https://exchange.xforce.ibmcloud.com/vulnerabilities/7286
http://www.securityfocus.com/archive/1/220666	Patch Vendor Advisory
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
https://exchange.xforce.ibmcloud.com/vulnerabilities/7286

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trend_micro:officescan:corporate_3.53:::::::*
	cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:::::::*

History

20 Nov 2024, 23:37

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/archive/1/220666 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/archive/1/220666 - Patch, Vendor Advisory
References	~~() http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318 -~~	() http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/7286 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/7286 -

Information

Published : 2001-10-15 04:00

Updated : 2024-11-20 23:37

NVD link : CVE-2001-1151

Mitre link : CVE-2001-1151

CVE.ORG link : CVE-2001-1151

JSON object : View

Products Affected

trend_micro

virus_buster
officescan

CWE

NVD-CWE-Other

{"id": "CVE-2001-1151", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-10-15T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/archive/1/220666", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/220666", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password."}], "lastModified": "2024-11-20T23:37:00.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5FF32ED-84C2-4A22-BA4D-2436B96A69A8"}, {"criteria": "cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "924B6C34-036E-4A3E-A5CA-219D06379A1B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}