CVE-2007-2849
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.
El Administrador de Documentos KnowledgeTree (también conocido como KnowledgeTree Open Source) anterior al STABLE 3.3.7 no requiere contraseña para usuarios no registrados, cuando el usuario existe en el Active Directory, lo que permite a atacantes remotos validarse en el KTDMS sin tener un control de autorización intencionado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-05-24 CVE Reserved
- 2007-05-24 CVE Published
- 2024-07-19 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/36578 | Vdb Entry | |
| http://sourceforge.net/forum/forum.php?forum_id=698243 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/24110 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/1920 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34463 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25360 | 2017-07-29 | |
| http://sourceforge.net/project/shownotes.php?release_id=510338 | 2017-07-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Knowledgetree Document Management Search vendor "Knowledgetree Document Management" | Knowledgetree Document Management Search vendor "Knowledgetree Document Management" for product "Knowledgetree Document Management" | 3.3.3 Search vendor "Knowledgetree Document Management" for product "Knowledgetree Document Management" and version "3.3.3" | - |
Affected
| ||||||