CVE-2002-0712

Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/720017	Patch Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/AAMN-5KKVXC	US Government Resource
http://www.securityfocus.com/bid/7284	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11724

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:entrust:entrust_authority_security_manager:5.0:::::::*
	cpe:2.3:a:entrust:entrust_authority_security_manager:6.0:::::::*

History

No history.

Information

Published : 2004-02-03 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2002-0712

Mitre link : CVE-2002-0712

CVE.ORG link : CVE-2002-0712

JSON object : View

Products Affected

entrust

entrust_authority_security_manager

CWE

NVD-CWE-Other

{"id": "CVE-2002-0712", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-02-03T05:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/720017", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7284", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."}, {"lang": "es", "value": "Entrust Authority Security Manager (EASM) 6.0 no requiere que m\u00faltiples usuarios m\u00e1ster cambien el password de un usuario m\u00e1ster, lo que permitir\u00eda que un usuario master ejecute operaciones que requieren autorizaci\u00f3n m\u00faltiple."}], "lastModified": "2017-07-11T01:29:12.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:entrust:entrust_authority_security_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C76D126-F85B-435A-B761-F28FE8EDC147"}, {"criteria": "cpe:2.3:a:entrust:entrust_authority_security_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D7C7A2-0468-4905-9669-C0EEF1094721"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}