Vulnerability Description
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intersystems | Cache Database | 5 |
Related Weaknesses (CWE)
References
- http://www.verisigninc.com/en_US/products-and-services/network-intelligence-avai
- https://www.intersystems.com/support-learning/support/product-news-alerts/suppor
- http://www.verisigninc.com/en_US/products-and-services/network-intelligence-avai
- https://www.intersystems.com/support-learning/support/product-news-alerts/suppor
FAQ
What is CVE-2003-0498?
CVE-2003-0498 is a vulnerability with a CVSS score of 7.2 (HIGH). Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileg...
How severe is CVE-2003-0498?
CVE-2003-0498 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0498?
Check the references section above for vendor advisories and patch information. Affected products include: Intersystems Cache Database.