CVE-2012-2455

{"id": "CVE-2012-2455", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-10T00:55:03.257", "references": [{"url": "http://seclists.org/fulldisclosure/2012/Sep/62", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/50508", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/85499", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors."}, {"lang": "es", "value": "Advanced Software Productividad Axiom DTE antes de v12.3.3 no valida la ID de registro, lo que permite a atacantes remotos evitar la autenticaci\u00f3n y leer o modificar datos de los usuarios, clientes y proyectos a trav\u00e9s de vectores no especificados."}], "lastModified": "2012-11-12T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advance_productivity_software:dte_axiom:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A34C5A8F-A434-49CD-AEC1-B40781C58A9E", "versionEndIncluding": "12.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}