Vulnerability Details : CVE-2005-4458
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
Products affected by CVE-2005-4458
- cpe:2.3:a:metadot:metadot_portal_server:5.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.4b5:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4458
0.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4458
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
References for CVE-2005-4458
-
http://securityreason.com/securityalert/287
-
http://www.vupen.com/english/advisories/2005/3030
-
http://www.securityfocus.com/archive/1/420002/100/0/threaded
-
http://www.metadot.com/metadot/index.pl?iid=2632
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/23847
-
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1012.html
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/15975
Patch
Jump to