{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=103134154721846&w=2"}, {"name": "5101", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5101"}, {"name": "zmerge-admindb-script-access(10057)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10057.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=103134154721846&w=2"}, {"name": "5101", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5101"}, {"name": "zmerge-admindb-script-access(10057)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10057.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:56:38.317Z"}, "title": "CVE Program Container", "references": [{"name": "20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=103134154721846&w=2"}, {"name": "5101", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/5101"}, {"name": "zmerge-admindb-script-access(10057)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/10057.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0664", "datePublished": "2002-09-10T04:00:00", "dateReserved": "2002-07-04T00:00:00", "dateUpdated": "2024-08-08T02:56:38.317Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:granite_software:zmerge:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D207BA8E-6A2D-4088-AB60-7CC4EE3AD885", "vulnerable": true}, {"criteria": "cpe:2.3:a:granite_software:zmerge:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "74C281C6-A491-47FF-A52E-FAB6E7AA626E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts."}, {"lang": "es", "value": "Las listas de control de acceso (ACLs) de la base de datos de administraci\u00f3n en ZMerge 4.x y 5.x provee a usuarios arbitrarios (incluyendo usuarios an\u00f3nimos) con nivel de acceso de Manager, lo que permite a los usuarios leer o modificar guiones (scripts) para importar y exportar."}], "id": "CVE-2002-0664", "lastModified": "2016-10-18T02:21:13.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-10-04T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=103134154721846&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/10057.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5101"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}