Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
20 vulnerabilities by intersystems
CVE-2018-17151 (GCVE-0-2018-17151)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:44 – Updated: 2024-08-05 10:39
VLAI
EPSS
VEX
Summary
Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories/intersystem… | x_refsource_MISC |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:44:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17151",
"datePublished": "2019-07-11T18:44:53.000Z",
"dateReserved": "2018-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:39:59.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17152 (GCVE-0-2018-17152)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:42 – Updated: 2024-08-05 10:39
VLAI
EPSS
VEX
Summary
Intersystems Cache 2017.2.2.865.0 allows XXE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories/intersystem… | x_refsource_MISC |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Intersystems Cache 2017.2.2.865.0 allows XXE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:42:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intersystems Cache 2017.2.2.865.0 allows XXE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17152",
"datePublished": "2019-07-11T18:42:44.000Z",
"dateReserved": "2018-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:39:59.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17150 (GCVE-0-2018-17150)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:40 – Updated: 2024-08-05 10:39
VLAI
EPSS
VEX
Summary
Intersystems Cache 2017.2.2.865.0 allows XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories/intersystem… | x_refsource_MISC |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Intersystems Cache 2017.2.2.865.0 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:40:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intersystems Cache 2017.2.2.865.0 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17150",
"datePublished": "2019-07-11T18:40:35.000Z",
"dateReserved": "2018-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:39:59.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4427 (GCVE-0-2007-4427)
Vulnerability from cvelistv5 – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
| http://osvdb.org/40178 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/26541 | third-party-advisoryx_refsource_SECUNIA |
| http://www.intersystems.com/support/cflash/2007an… | x_refsource_CONFIRM |
Date Public
2007-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Cache-News] 20070718 Security Alert: User passed parameter values via CSP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/57d7c80dde26fda3/7845e246da5b095b"
},
{
"name": "40178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40178"
},
{
"name": "26541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26541"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.intersystems.com/support/cflash/2007announce.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the login page redirection logic in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-13T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Cache-News] 20070718 Security Alert: User passed parameter values via CSP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/57d7c80dde26fda3/7845e246da5b095b"
},
{
"name": "40178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40178"
},
{
"name": "26541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26541"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.intersystems.com/support/cflash/2007announce.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the login page redirection logic in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Cache-News] 20070718 Security Alert: User passed parameter values via CSP",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/57d7c80dde26fda3/7845e246da5b095b"
},
{
"name": "40178",
"refsource": "OSVDB",
"url": "http://osvdb.org/40178"
},
{
"name": "26541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26541"
},
{
"name": "http://www.intersystems.com/support/cflash/2007announce.html",
"refsource": "CONFIRM",
"url": "http://www.intersystems.com/support/cflash/2007announce.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4427",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2684 (GCVE-0-2004-2684)
Vulnerability from cvelistv5 – Published: 2007-08-20 19:00 – Updated: 2024-09-16 22:51
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Cache-News] 20040310 Updated Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75"
},
{
"name": "[Cache-News] 20040309 Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the %template package in InterSystems Cache\u0027 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\\studio\\templates and (b) Devuser\\studio\\templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Cache-News] 20040310 Updated Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75"
},
{
"name": "[Cache-News] 20040309 Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the %template package in InterSystems Cache\u0027 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\\studio\\templates and (b) Devuser\\studio\\templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Cache-News] 20040310 Updated Security Alert - %template",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75"
},
{
"name": "[Cache-News] 20040309 Security Alert - %template",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2684",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:51:26.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1333 (GCVE-0-2003-1333)
Vulnerability from cvelistv5 – Published: 2007-08-20 19:00 – Updated: 2024-09-17 02:26
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:01.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 4.0.3 through 5.0.5 allows remote attackers to \"gain complete control\" of a server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 4.0.3 through 5.0.5 allows remote attackers to \"gain complete control\" of a server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1333",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:26:28.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2683 (GCVE-0-2004-2683)
Vulnerability from cvelistv5 – Published: 2007-08-20 19:00 – Updated: 2024-09-16 16:23
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Cache-News] 20040303 Security Alert",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/809f96becb84b6da/938000c0f3d48a48"
},
{
"name": "[Cache-News] 20040305 Security Alert Correction",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/53db65fbb73fc254/37358d45de1cc583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache\u0027 5.0 allows attackers to access arbitrary files on a server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Cache-News] 20040303 Security Alert",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/809f96becb84b6da/938000c0f3d48a48"
},
{
"name": "[Cache-News] 20040305 Security Alert Correction",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/53db65fbb73fc254/37358d45de1cc583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache\u0027 5.0 allows attackers to access arbitrary files on a server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Cache-News] 20040303 Security Alert",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/809f96becb84b6da/938000c0f3d48a48"
},
{
"name": "[Cache-News] 20040305 Security Alert Correction",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/53db65fbb73fc254/37358d45de1cc583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2683",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:23:46.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0437 (GCVE-0-2007-0437)
Vulnerability from cvelistv5 – Published: 2007-08-20 18:00 – Updated: 2024-09-16 20:53
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.mwrinfosecurity.com/news/1658.html | x_refsource_MISC |
| http://www.mwrinfosecurity.com/advisories/mwri_ca… | x_refsource_MISC |
| http://www.cpni.gov.uk/Products/alerts/2928.aspx | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/news/1658.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cpni.gov.uk/Products/alerts/2928.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache\u0027 Server Page (CSP) scripts in InterSystems Cache\u0027 allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/news/1658.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cpni.gov.uk/Products/alerts/2928.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache\u0027 Server Page (CSP) scripts in InterSystems Cache\u0027 allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mwrinfosecurity.com/news/1658.html",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/news/1658.html"
},
{
"name": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf"
},
{
"name": "http://www.cpni.gov.uk/Products/alerts/2928.aspx",
"refsource": "MISC",
"url": "http://www.cpni.gov.uk/Products/alerts/2928.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0437",
"datePublished": "2007-08-20T18:00:00.000Z",
"dateReserved": "2007-01-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:53:06.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0498 (GCVE-0-2003-0498)
Vulnerability from cvelistv5 – Published: 2003-07-04 04:00 – Updated: 2024-08-08 01:58
VLAI
EPSS
VEX
Summary
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.verisigninc.com/en_US/products-and-ser… | third-party-advisoryx_refsource_IDEFENSE |
| https://www.intersystems.com/support-learning/sup… | x_refsource_CONFIRM |
Date Public
2003-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"name": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource": "CONFIRM",
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0498",
"datePublished": "2003-07-04T04:00:00.000Z",
"dateReserved": "2003-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:58:11.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0497 (GCVE-0-2003-0497)
Vulnerability from cvelistv5 – Published: 2003-07-04 04:00 – Updated: 2024-08-08 01:58
VLAI
EPSS
VEX
Summary
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.verisigninc.com/en_US/products-and-ser… | third-party-advisoryx_refsource_IDEFENSE |
| https://www.intersystems.com/support-learning/sup… | x_refsource_CONFIRM |
Date Public
2003-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cach\u00e9 Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cach\u00e9 Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"name": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource": "CONFIRM",
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0497",
"datePublished": "2003-07-04T04:00:00.000Z",
"dateReserved": "2003-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:58:10.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17151 (GCVE-0-2018-17151)
Vulnerability from nvd – Published: 2019-07-11 18:44 – Updated: 2024-08-05 10:39
VLAI
EPSS
VEX
Summary
Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories/intersystem… | x_refsource_MISC |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:44:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17151",
"datePublished": "2019-07-11T18:44:53.000Z",
"dateReserved": "2018-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:39:59.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17152 (GCVE-0-2018-17152)
Vulnerability from nvd – Published: 2019-07-11 18:42 – Updated: 2024-08-05 10:39
VLAI
EPSS
VEX
Summary
Intersystems Cache 2017.2.2.865.0 allows XXE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories/intersystem… | x_refsource_MISC |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Intersystems Cache 2017.2.2.865.0 allows XXE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:42:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intersystems Cache 2017.2.2.865.0 allows XXE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17152",
"datePublished": "2019-07-11T18:42:44.000Z",
"dateReserved": "2018-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:39:59.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17150 (GCVE-0-2018-17150)
Vulnerability from nvd – Published: 2019-07-11 18:40 – Updated: 2024-08-05 10:39
VLAI
EPSS
VEX
Summary
Intersystems Cache 2017.2.2.865.0 allows XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories/intersystem… | x_refsource_MISC |
Date Public
2019-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Intersystems Cache 2017.2.2.865.0 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:40:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intersystems Cache 2017.2.2.865.0 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17150",
"datePublished": "2019-07-11T18:40:35.000Z",
"dateReserved": "2018-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:39:59.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4427 (GCVE-0-2007-4427)
Vulnerability from nvd – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
| http://osvdb.org/40178 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/26541 | third-party-advisoryx_refsource_SECUNIA |
| http://www.intersystems.com/support/cflash/2007an… | x_refsource_CONFIRM |
Date Public
2007-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Cache-News] 20070718 Security Alert: User passed parameter values via CSP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/57d7c80dde26fda3/7845e246da5b095b"
},
{
"name": "40178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40178"
},
{
"name": "26541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26541"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.intersystems.com/support/cflash/2007announce.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the login page redirection logic in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-13T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Cache-News] 20070718 Security Alert: User passed parameter values via CSP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/57d7c80dde26fda3/7845e246da5b095b"
},
{
"name": "40178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40178"
},
{
"name": "26541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26541"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.intersystems.com/support/cflash/2007announce.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the login page redirection logic in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Cache-News] 20070718 Security Alert: User passed parameter values via CSP",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/57d7c80dde26fda3/7845e246da5b095b"
},
{
"name": "40178",
"refsource": "OSVDB",
"url": "http://osvdb.org/40178"
},
{
"name": "26541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26541"
},
{
"name": "http://www.intersystems.com/support/cflash/2007announce.html",
"refsource": "CONFIRM",
"url": "http://www.intersystems.com/support/cflash/2007announce.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4427",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0437 (GCVE-0-2007-0437)
Vulnerability from nvd – Published: 2007-08-20 18:00 – Updated: 2024-09-16 20:53
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.mwrinfosecurity.com/news/1658.html | x_refsource_MISC |
| http://www.mwrinfosecurity.com/advisories/mwri_ca… | x_refsource_MISC |
| http://www.cpni.gov.uk/Products/alerts/2928.aspx | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/news/1658.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cpni.gov.uk/Products/alerts/2928.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache\u0027 Server Page (CSP) scripts in InterSystems Cache\u0027 allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/news/1658.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cpni.gov.uk/Products/alerts/2928.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache\u0027 Server Page (CSP) scripts in InterSystems Cache\u0027 allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mwrinfosecurity.com/news/1658.html",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/news/1658.html"
},
{
"name": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf"
},
{
"name": "http://www.cpni.gov.uk/Products/alerts/2928.aspx",
"refsource": "MISC",
"url": "http://www.cpni.gov.uk/Products/alerts/2928.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0437",
"datePublished": "2007-08-20T18:00:00.000Z",
"dateReserved": "2007-01-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:53:06.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2684 (GCVE-0-2004-2684)
Vulnerability from nvd – Published: 2007-08-20 19:00 – Updated: 2024-09-16 22:51
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Cache-News] 20040310 Updated Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75"
},
{
"name": "[Cache-News] 20040309 Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the %template package in InterSystems Cache\u0027 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\\studio\\templates and (b) Devuser\\studio\\templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Cache-News] 20040310 Updated Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75"
},
{
"name": "[Cache-News] 20040309 Security Alert - %template",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the %template package in InterSystems Cache\u0027 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\\studio\\templates and (b) Devuser\\studio\\templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Cache-News] 20040310 Updated Security Alert - %template",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75"
},
{
"name": "[Cache-News] 20040309 Security Alert - %template",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2684",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:51:26.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2683 (GCVE-0-2004-2683)
Vulnerability from nvd – Published: 2007-08-20 19:00 – Updated: 2024-09-16 16:23
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
| http://groups.google.com/group/intersystems-publi… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Cache-News] 20040303 Security Alert",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/809f96becb84b6da/938000c0f3d48a48"
},
{
"name": "[Cache-News] 20040305 Security Alert Correction",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/53db65fbb73fc254/37358d45de1cc583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache\u0027 5.0 allows attackers to access arbitrary files on a server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Cache-News] 20040303 Security Alert",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/809f96becb84b6da/938000c0f3d48a48"
},
{
"name": "[Cache-News] 20040305 Security Alert Correction",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/53db65fbb73fc254/37358d45de1cc583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache\u0027 5.0 allows attackers to access arbitrary files on a server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Cache-News] 20040303 Security Alert",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/809f96becb84b6da/938000c0f3d48a48"
},
{
"name": "[Cache-News] 20040305 Security Alert Correction",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/53db65fbb73fc254/37358d45de1cc583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2683",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:23:46.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1333 (GCVE-0-2003-1333)
Vulnerability from nvd – Published: 2007-08-20 19:00 – Updated: 2024-09-17 02:26
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://groups.google.com/group/intersystems-publi… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:01.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 4.0.3 through 5.0.5 allows remote attackers to \"gain complete control\" of a server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Cache\u0027 Server Page (CSP) implementation in InterSystems Cache\u0027 4.0.3 through 5.0.5 allows remote attackers to \"gain complete control\" of a server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1333",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:26:28.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0498 (GCVE-0-2003-0498)
Vulnerability from nvd – Published: 2003-07-04 04:00 – Updated: 2024-08-08 01:58
VLAI
EPSS
VEX
Summary
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.verisigninc.com/en_US/products-and-ser… | third-party-advisoryx_refsource_IDEFENSE |
| https://www.intersystems.com/support-learning/sup… | x_refsource_CONFIRM |
Date Public
2003-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"name": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource": "CONFIRM",
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0498",
"datePublished": "2003-07-04T04:00:00.000Z",
"dateReserved": "2003-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:58:11.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0497 (GCVE-0-2003-0497)
Vulnerability from nvd – Published: 2003-07-04 04:00 – Updated: 2024-08-08 01:58
VLAI
EPSS
VEX
Summary
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.verisigninc.com/en_US/products-and-ser… | third-party-advisoryx_refsource_IDEFENSE |
| https://www.intersystems.com/support-learning/sup… | x_refsource_CONFIRM |
Date Public
2003-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cach\u00e9 Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cach\u00e9 Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"name": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource": "CONFIRM",
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0497",
"datePublished": "2003-07-04T04:00:00.000Z",
"dateReserved": "2003-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:58:10.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}