7.5
CVSSv2

CVE-2001-1016

Published: 04/09/2001 Updated: 10/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PGP Corporate Desktop prior to 7.1, Personal Security prior to 7.0.3, Freeware prior to 7.0.3, and E-Business Server prior to 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an malicious user to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

pgp freeware 7.0.3

pgp e-business server 6.5.8

pgp corporate desktop 7.1

pgp pgp 6.0.2

pgp pgp 5.0

pgp personal security 7.0.3

pgp e-business server 7.1

pgp e-business server 7.0.4