CVE-2002-2043

{"id": "CVE-2002-2043", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8748.php", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4409", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password."}], "lastModified": "2008-09-05T20:32:10.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5B837A3-E1D7-469D-9A2C-1648DB869524"}, {"criteria": "cpe:2.3:a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5319DC-7C56-4661-83A6-6F226DD6804F"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.\n", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}