CVE-2007-2849

KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/36578
http://secunia.com/advisories/25360	Patch Vendor Advisory
http://sourceforge.net/forum/forum.php?forum_id=698243
http://sourceforge.net/project/shownotes.php?release_id=510338	Patch
http://www.securityfocus.com/bid/24110
http://www.vupen.com/english/advisories/2007/1920
https://exchange.xforce.ibmcloud.com/vulnerabilities/34463

Configurations

Configuration 1 (hide)

cpe:2.3:a:knowledgetree_document_management:knowledgetree_document_management:3.3.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-05-24 18:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-2849

Mitre link : CVE-2007-2849

CVE.ORG link : CVE-2007-2849

JSON object : View

Products Affected

knowledgetree_document_management

knowledgetree_document_management

CWE

NVD-CWE-Other

{"id": "CVE-2007-2849", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-24T18:30:00.000", "references": [{"url": "http://osvdb.org/36578", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25360", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/forum/forum.php?forum_id=698243", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=510338", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24110", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1920", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34463", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check."}, {"lang": "es", "value": "El Administrador de Documentos KnowledgeTree (tambi\u00e9n conocido como KnowledgeTree Open Source) anterior al STABLE 3.3.7 no requiere contrase\u00f1a para usuarios no registrados, cuando el usuario existe en el Active Directory, lo que permite a atacantes remotos validarse en el KTDMS sin tener un control de autorizaci\u00f3n intencionado."}], "lastModified": "2017-07-29T01:31:46.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:knowledgetree_document_management:knowledgetree_document_management:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EFCB854-7EDE-4D1C-B5F5-8C6EE6DAFE89"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}