OpenCVE

Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intersystems	Cache Database

Configuration 1 [-]

cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7
https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-07-04T04:00:00

Updated: 2024-08-08T01:58:11.085Z

Reserved: 2003-06-30T00:00:00

Link: CVE-2003-0498

Vulnrichment

No data.

NVD

Status : Modified

Published: 2003-08-07T04:00:00.000

Modified: 2024-11-20T23:44:52.737

Link: CVE-2003-0498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-05T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0498", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions", "refsource": "IDEFENSE", "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"}, {"name": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/", "refsource": "CONFIRM", "url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:58:11.085Z"}, "title": "CVE Program Container", "references": [{"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0498", "datePublished": "2003-07-04T04:00:00", "dateReserved": "2003-06-30T00:00:00", "dateUpdated": "2024-08-08T01:58:11.085Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*", "matchCriteriaId": "861AC5ED-A105-4D1A-99AF-2C92A4AFBDE3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."}, {"lang": "es", "value": "Cach? Database 5.x instala el directorio /cachesys/csp con permisos inseguros, lo que permite que usuarios locales ejecuten c\u00f3digo arbitrario a\u00f1adiendo scripts del lado del servidor que se ejecutan con privilegios root."}], "id": "CVE-2003-0498", "lastModified": "2024-11-20T23:44:52.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-08-07T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"}, {"source": "cve@mitre.org", "url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}