Vulnerability Details : CVE-2010-0935
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
Products affected by CVE-2010-0935
- cpe:2.3:a:perforce:perforce_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2006.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2006.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2002.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2001.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2004.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2003.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2007.3:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2007.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2003.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2002.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2005.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2005.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2001.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2000.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2000.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2008.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2007.3_143793:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:2008.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:99.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:98.2:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:99.1:*:*:*:*:*:*:*
- cpe:2.3:a:perforce:perforce_server:97.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0935
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0935
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:N/AC:H/Au:S/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2010-0935
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0935
-
http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html
Page not found | Perforce
-
http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html
Exploit
-
http://www.securityfocus.com/bid/36261
Perforce Multiple Remote Security Vulnerabilities
Jump to