ID CVE-2002-0664
Summary The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provide arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
References
Vulnerable Configurations
  • cpe:2.3:a:granite_software:zmerge:4.0
  • cpe:2.3:a:granite_software:zmerge:5.0
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id DOMINO_DEFAULT_DB.NASL
    description The remote Lotus Domino server allows an anonymous user to access sensitive information such as users, databases, configuration of servers (including operating system and hard disk partitioning), and logs of access to users (which could expose sensitive data if GET html forms are used).
    last seen 2018-07-12
    modified 2018-07-10
    plugin id 10629
    published 2001-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10629
    title IBM Lotus Domino Administration Databases Anonymous Access
  • NASL family Web Servers
    NASL id DOMINO_DB_NO_PASSWORD.NASL
    description The version of IBM Domino (formerly IBM Lotus Domino) running on the remote host is affected by a security bypass vulnerability due to insufficient access control list (ACL) settings on the administration databases for ZMerge. An unauthenticated, remote attacker can exploit this issue to disclose configuration information about the IBM Domino server installation or possibly to gain manager level access.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 86322
    published 2015-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86322
    title IBM Domino ZMerge Database Security Bypass
refmap via4
bid 5101
bugtraq 20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
vulnwatch 20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
xf zmerge-admindb-script-access(10057)
Last major update 17-10-2016 - 22:21
Published 04-10-2002 - 00:00