Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2003-0148

Published: 27/08/2003 Updated: 10/09/2008
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Epolicy Orchestrator

Vulnerability Summary

The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 up to and including 3.0 allows malicious users to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.

Vulnerable Product Search on Vulmon Subscribe to Product

mcafee epolicy orchestrator 2.5

mcafee epolicy orchestrator 2.5.1

mcafee epolicy orchestrator 3.0

mcafee epolicy orchestrator 2.0

References

NVD-CWE-Otherhttp://www.atstake.com/research/advisories/2003/a073103-1.txthttp://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asphttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook