CVE-2007-0433

Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/221	Vendor Advisory
http://securitytracker.com/id?1017524	Vendor Advisory
http://secunia.com/advisories/23786	Vendor Advisory
http://www.securityfocus.com/bid/22082
http://osvdb.org/32861

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:aqualogic_service_bus:2.0:::::::*
	cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp1::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp2::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.1:::::::*
	cpe:2.3:a:bea:aqualogic_service_bus:2.1:sp1::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.2:::::::*

Information

Published : 2007-01-22 18:28

Updated : 2008-11-12 22:31

NVD link : CVE-2007-0433

Mitre link : CVE-2007-0433

JSON object : View

CWE

NVD-CWE-Other

Products Affected

bea

aqualogic_service_bus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://dev2dev.bea.com/pub/advisory/221", "name": "BEA07-154.00", "tags": ["Vendor Advisory"], "refsource": "BEA"}, {"url": "http://securitytracker.com/id?1017524", "name": "1017524", "tags": ["Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/23786", "name": "23786", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/22082", "name": "22082", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/32861", "name": "32861", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0433", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-01-23T02:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_service_bus:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_service_bus:2.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_service_bus:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-11-13T06:31Z"}

6.5 /10