6.4

CVE-2002-0049

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version2000 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.31% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.osvdb.org/2042
Broken Link
http://www.securityfocus.com/bid/4053
Patch
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/8092
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022
Third Party Advisory