Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for backoffice by microsoft

    CVE-2002-0736 (GCVE-0-2002-0736)

    Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html"
              },
              {
                "name": "backoffice-bypass-authentication(8862)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8862.php"
              },
              {
                "name": "Q316838",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MSKB",
                  "x_transferred"
                ],
                "url": "http://support.microsoft.com/support/kb/articles/q316/8/38.asp"
              },
              {
                "name": "4528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4528"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-07-31T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html"
            },
            {
              "name": "backoffice-bypass-authentication(8862)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8862.php"
            },
            {
              "name": "Q316838",
              "tags": [
                "vendor-advisory",
                "x_refsource_MSKB"
              ],
              "url": "http://support.microsoft.com/support/kb/articles/q316/8/38.asp"
            },
            {
              "name": "4528",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4528"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0736",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html"
                },
                {
                  "name": "backoffice-bypass-authentication(8862)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8862.php"
                },
                {
                  "name": "Q316838",
                  "refsource": "MSKB",
                  "url": "http://support.microsoft.com/support/kb/articles/q316/8/38.asp"
                },
                {
                  "name": "4528",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4528"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0736",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-0372 (GCVE-0-1999-0372)

    Vulnerability from cvelistv5 – Published: 1999-09-29 04:00 – Updated: 2024-08-01 16:34
    VLAI
    Summary
    The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://support.microsoft.com/default.aspx?scid=kb… vendor-advisoryx_refsource_MSKB
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:34:52.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Q217004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MSKB",
                  "x_transferred"
                ],
                "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ217004"
              },
              {
                "name": "MS99-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "Q217004",
              "tags": [
                "vendor-advisory",
                "x_refsource_MSKB"
              ],
              "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ217004"
            },
            {
              "name": "MS99-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-0372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "Q217004",
                  "refsource": "MSKB",
                  "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004"
                },
                {
                  "name": "MS99-005",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-0372",
        "datePublished": "1999-09-29T04:00:00.000Z",
        "dateReserved": "1999-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:34:52.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0736 (GCVE-0-2002-0736)

    Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html"
              },
              {
                "name": "backoffice-bypass-authentication(8862)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8862.php"
              },
              {
                "name": "Q316838",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MSKB",
                  "x_transferred"
                ],
                "url": "http://support.microsoft.com/support/kb/articles/q316/8/38.asp"
              },
              {
                "name": "4528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4528"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-07-31T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html"
            },
            {
              "name": "backoffice-bypass-authentication(8862)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8862.php"
            },
            {
              "name": "Q316838",
              "tags": [
                "vendor-advisory",
                "x_refsource_MSKB"
              ],
              "url": "http://support.microsoft.com/support/kb/articles/q316/8/38.asp"
            },
            {
              "name": "4528",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4528"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0736",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html"
                },
                {
                  "name": "backoffice-bypass-authentication(8862)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8862.php"
                },
                {
                  "name": "Q316838",
                  "refsource": "MSKB",
                  "url": "http://support.microsoft.com/support/kb/articles/q316/8/38.asp"
                },
                {
                  "name": "4528",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4528"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0736",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-0372 (GCVE-0-1999-0372)

    Vulnerability from nvd – Published: 1999-09-29 04:00 – Updated: 2024-08-01 16:34
    VLAI
    Summary
    The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://support.microsoft.com/default.aspx?scid=kb… vendor-advisoryx_refsource_MSKB
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:34:52.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Q217004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MSKB",
                  "x_transferred"
                ],
                "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ217004"
              },
              {
                "name": "MS99-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "Q217004",
              "tags": [
                "vendor-advisory",
                "x_refsource_MSKB"
              ],
              "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ217004"
            },
            {
              "name": "MS99-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-0372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "Q217004",
                  "refsource": "MSKB",
                  "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004"
                },
                {
                  "name": "MS99-005",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-0372",
        "datePublished": "1999-09-29T04:00:00.000Z",
        "dateReserved": "1999-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:34:52.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }