7.5

CVE-2007-1923

EPSS 1.15%
Published 10.04.2007 23:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
CVE-Watchlists
Login
Open
Login

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Ledgersmb ≫ Ledgersmb Version < 1.3.0

Sql-ledger ≫ Sql-ledger Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.15%	0.776

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://osvdb.org/38217

Broken Link

http://osvdb.org/38218

Broken Link

http://securityreason.com/securityalert/2552

Third Party Advisory

http://www.securityfocus.com/archive/1/464880/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/23352

Third Party Advisory

Broken Link

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/33494

Third Party Advisory

VDB Entry

https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2007-1923

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1923

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1923

EUVD