Vulnerability Description
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Datev | Nutzungskontrolle | 2.1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.htmlExploitPatch
- http://www.securityfocus.com/bid/8950ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13589
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.htmlExploitPatch
- http://www.securityfocus.com/bid/8950ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13589
FAQ
What is CVE-2003-1169?
CVE-2003-1169 is a vulnerability with a CVSS score of 4.6 (MEDIUM). DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys...
How severe is CVE-2003-1169?
CVE-2003-1169 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1169?
Check the references section above for vendor advisories and patch information. Affected products include: Datev Nutzungskontrolle.