Vulnerability Description
Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Magic | Edeveloper | <= 8.30.5 |
References
- http://www.kb.cert.org/vuls/id/157795US Government Resource
- http://www.securityfocus.com/archive/1/246343Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10616
- http://www.kb.cert.org/vuls/id/157795US Government Resource
- http://www.securityfocus.com/archive/1/246343Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10616
FAQ
What is CVE-2001-1448?
CVE-2001-1448 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, ...
How severe is CVE-2001-1448?
CVE-2001-1448 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1448?
Check the references section above for vendor advisories and patch information. Affected products include: Magic Edeveloper.