CVE-2001-0620
First published: Fri Jul 27 2001(Updated: )
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Communications Calendar Server | <=5.0p2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0620?
CVE-2001-0620 has a high severity due to its potential to expose sensitive administrative credentials.
How do I fix CVE-2001-0620?
To fix CVE-2001-0620, ensure that the configuration file's permissions are securely set to restrict unauthorized access.
Which versions are affected by CVE-2001-0620?
CVE-2001-0620 affects iPlanet Calendar Server versions 5.0p2 and earlier.
Can CVE-2001-0620 lead to unauthorized data access?
Yes, CVE-2001-0620 can allow local attackers to access the Netscape Admin Server's LDAP database and read arbitrary files.
Is there a known workaround for CVE-2001-0620?
A known workaround for CVE-2001-0620 is to regularly audit and tighten file permissions on the configuration files.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/iplanet
- canonical/oracle communications calendar server
- version/oracle communications calendar server/5.0p2