Vulnerability Name:

CVE-2001-0845 (CCN-7425)

Assigned:2001-10-30
Published:2001-10-30
Updated:2017-12-19
Summary:Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Compaq Security Advisory SSRT0738
OpenVMS Security Mandatory Update, OVMSMUP03

Source: MITRE
Type: CNA
CVE-2001-0845

Source: COMPAQ
Type: Patch, Vendor Advisory
SSRT0738

Source: CCN
Type: Compaq Support Web site
WELCOME TO COMPAQ SUPPORT

Source: CCN
Type: OSVDB ID: 11088
Multiple VAX DECwindows Motif Server Local Privilege Escalation

Source: BID
Type: UNKNOWN
3492

Source: CCN
Type: BID-3492
OpenVMS DECWindows Motif Server Vulnerability

Source: XF
Type: UNKNOWN
openvms-dms-unauthorized-access(7425)

Source: XF
Type: UNKNOWN
openvms-dms-unauthorized-access(7425)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:dec:dec_openvms:6.2_vax:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms:7.1_vax:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms:7.2_vax:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms:7.3_vax:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms_alpha:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms_alpha:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms_alpha:7.2.1h1:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms_alpha:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:dec:dec_openvms_alpha:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:dec:sevms:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:dec:sevms_alpha:6.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:hp:openvms_alpha:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_alpha:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_alpha:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_alpha:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_vax:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_vax:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_vax:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_vax:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    dec dec openvms 6.2_vax
    dec dec openvms 7.1_vax
    dec dec openvms 7.2_vax
    dec dec openvms 7.3_vax
    dec dec openvms alpha 6.2
    dec dec openvms alpha 7.1.2
    dec dec openvms alpha 7.2.1h1
    dec dec openvms alpha 7.2.2
    dec dec openvms alpha 7.3
    dec sevms 6.2
    dec sevms alpha 6.2
    hp openvms alpha 6.2
    hp openvms alpha 7.1
    hp openvms alpha 7.2
    hp openvms alpha 7.3
    hp openvms vax 6.2
    hp openvms vax 7.1
    hp openvms vax 7.2
    hp openvms vax 7.3