CVE-2001-1448 : Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly exec

Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.

Published 2001-12-17 05:00:00

Updated 2017-07-11 01:29:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2001-1448

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2001-1448

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2001-1448

https://exchange.xforce.ibmcloud.com/vulnerabilities/10616
http://www.securityfocus.com/archive/1/246343

Exploit
http://www.kb.cert.org/vuls/id/157795

US Government Resource

Products affected by CVE-2001-1448

Magic » Edeveloper » Enterprise Edition
Versions up to, including, (<=) 8.30.5
cpe:2.3:a:magic:edeveloper:*:*:enterprise:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2001-1448

Exploit prediction scoring system (EPSS) score for CVE-2001-1448

CVSS scores for CVE-2001-1448

References for CVE-2001-1448

Products affected by CVE-2001-1448