PT-2002-3137 · Sun · Sun Answerbook2

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2425

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sun AnswerBook2 versions 1.2 through 1.4.2

Description The issue allows remote attackers to execute administrative scripts, such as AdminViewError and AdminAddadmin, via a direct request to specific API endpoints.

Recommendations For Sun AnswerBook2 versions 1.2 through 1.4.2, consider restricting access to administrative scripts AdminViewError and AdminAddadmin to prevent unauthorized execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2002-2425

Affected Products

Sun Answerbook2

PT-2002-3137 · Sun · Sun Answerbook2

CVE-2002-2425

Weakness Enumeration

Related Identifiers

Affected Products

References · 5