CVE-2002-0697

Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.iss.net/security_center/static/9657.php
http://www.securityfocus.com/bid/5308
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036
http://www.iss.net/security_center/static/9657.php
http://www.securityfocus.com/bid/5308
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:metadirectory_services:2.2:*:*:*:*:*:*:*

History

20 Nov 2024, 23:39

Type	Values Removed	Values Added
References	~~() http://www.iss.net/security_center/static/9657.php -~~	() http://www.iss.net/security_center/static/9657.php -
References	~~() http://www.securityfocus.com/bid/5308 -~~	() http://www.securityfocus.com/bid/5308 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036 -

Information

Published : 2002-08-12 04:00

Updated : 2024-11-20 23:39

NVD link : CVE-2002-0697

Mitre link : CVE-2002-0697

CVE.ORG link : CVE-2002-0697

JSON object : View

Products Affected

microsoft

metadirectory_services

CWE

NVD-CWE-Other

{"id": "CVE-2002-0697", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "http://www.iss.net/security_center/static/9657.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5308", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9657.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/5308", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials."}, {"lang": "es", "value": "Microsoft Metadirectory Services (MMS) 2.2 permite que atacantes remotos se salten la autentificaci\u00f3n y modifiquen datos importantes usando un cliente LDAP para conectarse directamente a MMS y saltarse las comprobaciones de credenciales para MMS."}], "lastModified": "2024-11-20T23:39:39.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:metadirectory_services:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "894495FD-6B65-4FC1-A4EF-1F695452352C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}