CVE-2007-0433

Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/221	Vendor Advisory
http://osvdb.org/32861
http://secunia.com/advisories/23786	Vendor Advisory
http://securitytracker.com/id?1017524	Vendor Advisory
http://www.securityfocus.com/bid/22082

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:aqualogic_service_bus:2.0:::::::*
	cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp1::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp2::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.1:::::::*
	cpe:2.3:a:bea:aqualogic_service_bus:2.1:sp1::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.2:::::::*

History

No history.

Information

Published : 2007-01-23 02:28

Updated : 2008-11-13 06:31

NVD link : CVE-2007-0433

Mitre link : CVE-2007-0433

CVE.ORG link : CVE-2007-0433

JSON object : View

Products Affected

bea

aqualogic_service_bus

CWE

NVD-CWE-Other

{"id": "CVE-2007-0433", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-01-23T02:28:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/221", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/32861", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23786", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017524", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22082", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."}, {"lang": "es", "value": "Vulnerabilidad no especificada en BEA AquaLogic Enterprise Security 2.0 hasta 2.0 SP2, 2.1 hasta 2.1 SP1, y 2.2, cuando se usa LDAP del Directorio Activo para la autenticaci\u00f3n, permite a usuarios autenticados remotamente acceder al servidor incluso despu\u00e9s de que la cuenta ha sido desactivada."}], "lastModified": "2008-11-13T06:31:53.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23565F9E-2EBC-486E-BC09-F80F3B36605C"}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97E9CD0B-3756-486C-842D-6DF8F2E0F958"}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B7DDF94-2BDE-4140-9C49-E13F55CB20E2"}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DA30C95-CD31-49DD-80FC-567C2E73E1A4"}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8957182-15B8-48B2-AF78-194C1BB3E2C1"}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB0FDF9-0CDD-49D1-838A-B368847EE49C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}