exploitDog

CVE-2001-1448

Опубликовано: 17 дек. 2001

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.

Ссылки

http://www.kb.cert.org/vuls/id/157795
US Government Resource
http://www.securityfocus.com/archive/1/246343
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/10616
http://www.kb.cert.org/vuls/id/157795
US Government Resource
http://www.securityfocus.com/archive/1/246343
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/10616

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:magic:edeveloper:*:*:enterprise:*:*:*:*:*

Версия до 8.30.5 (включая)

EPSS

Процентиль: 32%

0.00121

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-25cc-wj23-95cr

github

больше 3 лет назад

Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.

EPSS

Процентиль: 32%

0.00121

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other