Overview
- Description
- Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43A75B42-4739-4E98-A6B9-704B51BD59EC"
},
{
"criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]