CVE-2007-0434

BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/220	Vendor Advisory
http://secunia.com/advisories/23786	Vendor Advisory
http://www.securityfocus.com/bid/22082
http://osvdb.org/32860

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:aqualogic_enterprise_security:2.0:sp2::::::
	cpe:2.3:a:bea:aqualogic_enterprise_security:2.1:::::::*
	cpe:2.3:a:bea:aqualogic_enterprise_security:2.1:sp1::::::
	cpe:2.3:a:bea:aqualogic_enterprise_security:2.2:::::::*
	cpe:2.3:a:bea:aqualogic_enterprise_security:2.0:::::::*
	cpe:2.3:a:bea:aqualogic_enterprise_security:2.0:sp1::::::

Information

Published : 2007-01-22 18:28

Updated : 2008-11-12 22:31

NVD link : CVE-2007-0434

Mitre link : CVE-2007-0434

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

bea

aqualogic_enterprise_security

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://dev2dev.bea.com/pub/advisory/220", "name": "BEA07-153.00", "tags": ["Vendor Advisory"], "refsource": "BEA"}, {"url": "http://secunia.com/advisories/23786", "name": "23786", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/22082", "name": "22082", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/32860", "name": "32860", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0434", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-01-23T02:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:aqualogic_enterprise_security:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_enterprise_security:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_enterprise_security:2.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_enterprise_security:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_enterprise_security:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:aqualogic_enterprise_security:2.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-11-13T06:31Z"}