CVE-2007-0433 - OpenCVE

Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bea	Aqualogic Service Bus

Configuration 1 [-]

OR	cpe:2.3:a:bea:aqualogic_service_bus:2.0:::::::*
	cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp1::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp2::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.1:::::::*
	cpe:2.3:a:bea:aqualogic_service_bus:2.1:sp1::::::
	cpe:2.3:a:bea:aqualogic_service_bus:2.2:::::::*

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/221	Vendor Advisory
http://osvdb.org/32861
http://secunia.com/advisories/23786	Vendor Advisory
http://securitytracker.com/id?1017524	Vendor Advisory
http://www.securityfocus.com/bid/22082

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-23T02:00:00

Updated: 2007-09-13T09:00:00

Reserved: 2007-01-22T00:00:00

Link: CVE-2007-0433

JSON object: View

NVD Information

Status : Modified

Published: 2007-01-23T02:28:00.000

Modified: 2008-11-13T06:31:53.673

Link: CVE-2007-0433

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-09-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "BEA07-154.00", "tags": ["vendor-advisory", "x_refsource_BEA"], "url": "http://dev2dev.bea.com/pub/advisory/221"}, {"name": "22082", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22082"}, {"name": "23786", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23786"}, {"name": "32861", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32861"}, {"name": "1017524", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017524"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0433", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "BEA07-154.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/221"}, {"name": "22082", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22082"}, {"name": "23786", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23786"}, {"name": "32861", "refsource": "OSVDB", "url": "http://osvdb.org/32861"}, {"name": "1017524", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017524"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0433", "datePublished": "2007-01-23T02:00:00", "dateReserved": "2007-01-22T00:00:00", "dateUpdated": "2007-09-13T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "23565F9E-2EBC-486E-BC09-F80F3B36605C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "97E9CD0B-3756-486C-842D-6DF8F2E0F958", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "1B7DDF94-2BDE-4140-9C49-E13F55CB20E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DA30C95-CD31-49DD-80FC-567C2E73E1A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "C8957182-15B8-48B2-AF78-194C1BB3E2C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:aqualogic_service_bus:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BB0FDF9-0CDD-49D1-838A-B368847EE49C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled."}, {"lang": "es", "value": "Vulnerabilidad no especificada en BEA AquaLogic Enterprise Security 2.0 hasta 2.0 SP2, 2.1 hasta 2.1 SP1, y 2.2, cuando se usa LDAP del Directorio Activo para la autenticaci\u00f3n, permite a usuarios autenticados remotamente acceder al servidor incluso despu\u00e9s de que la cuenta ha sido desactivada."}], "id": "CVE-2007-0433", "lastModified": "2008-11-13T06:31:53.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-23T02:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://dev2dev.bea.com/pub/advisory/221"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32861"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23786"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://securitytracker.com/id?1017524"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22082"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}