ID |
CVE-2003-1169
|
Summary |
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.6 (as of 11-07-2017 - 01:29) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 8950 | fulldisc | 20031101 DATEV Nutzungskontrolle Bypassing (REG) | xf | nutzungskontrolle-registry-security-bypass(13589) |
|
Last major update |
11-07-2017 - 01:29 |
Published |
31-12-2003 - 05:00 |
Last modified |
11-07-2017 - 01:29 |